[Skip To Content]

Staff Cybersecurity Engineer - PKI/Secrets Management

  • 위치
    • Austin, Texas
    • Warren, Michigan
  • 직무 유형 Full time
  • 게시됨
  • Job Requisition JR-202603684

설명

The Role:

We’re looking for a senior, self-driven Cyber Security Engineer to own the strategy, design, implementation, and operation of our enterprise PKI and secrets management capabilities. This role is accountable for how trust, identity, and secure access are established and enforced across the enterprise, and for ensuring these foundations scale with the business.
You will operate as a technical leader and subject-matter expert, partnering with senior engineering and security leaders to define long-term direction, set standards, and drive adoption. You should thrive in a fast-paced, agile environment—comfortable making high-impact decisions, navigating ambiguity, and rapidly adapting as technologies and requirements evolve.

What You’ll Do:

  • Setting the technical vision and architecting, implementing, and operating scalable, highly available PKI and secrets management services for the enterprise.

  • Owning design decisions that shape internal trust models, cryptographic architectures, and access patterns for the most sensitive data and systems.

  • Defining, implementing, and continuously improving policies, processes, and controls for the full lifecycle of keys, certificates, and secrets across diverse platforms.

  • Influencing and aligning engineering, infrastructure, and leadership teams to deliver robust, observable, and compliant cryptographic systems.

  • Mentoring and developing engineers, raising the bar for technical excellence, and driving consistent best practices for cryptographic and secrets management across the organization.

  • Advising senior leadership on long-term security architecture strategy, trade-offs, and investment priorities related to identity, PKI, and secrets management.

  • Providing operational leadership, including participation in on-call rotations for global, mission-critical services and driving post-incident improvements.

  • Leading HSM strategy, including architecture, platform selection, appliance consolidation, and multi-year roadmap planning in alignment with enterprise security and compliance goals.

Your Skills & Abilities (Required Qualifications):

  • Bachelor’s degree in Computer Science, Mathematics, Physics, or equivalent senior-level industry experience.

  • 7+ years experience in enterprise security engineering or Site Reliability Engineering (SRE), with direct responsibility for high-availability security or cryptographic services.

  • 7+ years experience with enterprise secrets management platforms (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, BeyondTrust), including architecture, operations, and integration at scale.

  • Strong understanding of public-key cryptography, PKI, and modern cryptographic protocols, with the ability to make pragmatic, risk-informed design decisions.

  • Demonstrated experience designing, operating, and evolving production PKI systems (root and issuing CAs, CRL/OCSP, certificate lifecycle, and policy governance).

  • Proficiency with infrastructure-as-code (e.g., Terraform) and engineering practices that enable repeatable, auditable, and secure deployments.

  • Working knowledge of major cloud platforms (AWS, GCP, Azure) and how to integrate PKI and secrets management with cloud-native services.

  • Experience with containerization, orchestration (e.g., Kubernetes), and CI/CD workflows, including secure delivery patterns and secrets handling.

  • Excellent communication skills, with a track record of presenting complex technical concepts, trade-offs, and recommendations to engineering and executive audiences.

  • Strong threat modeling and security architecture skills, with the ability to anticipate abuse cases and design for resilience.

  • Hands-on management, integration, and configuration experience with HSM platforms (Entrust, Thales, etc.), including key ceremonies, partitioning, and role design.

  • Experience working with and implementing security standards and frameworks (e.g., FIPS 140-2/3, PCI-DSS, and related controls), and translating them into actionable technical requirements.

What Will Give You A Competitive Edge (Preferred Qualifications):

  • HashiCorp Vault certification or clearly demonstrable expert-level proficiency with Vault in complex, production environments.

  • Deep expertise in HashiCorp Vault and Terraform, including multi-tenant architectures, performance optimization, and automation of large-scale deployments.

  • Experience scaling backend systems and implementing secure hardware solutions (HSM, TPM, TEE, etc.) in high-availability, regulated environments.

  • Familiarity with modern authentication and authorization protocols (OAuth 2.0, OIDC, WebAuthn/FIDO2, Zero Trust architectures) and how they integrate with PKI and secrets management.

  • Experience with remote attestation, secure enclaves, and hardware-backed key protection in cloud or hybrid environments.

  • Proficiency in at least one modern programming language (e.g., Go, Rust, Python, Node.js) for building integrations, tooling, and automation around cryptographic and secrets platforms.

  • Demonstrated passion for security, rigor, and correctness, with a strong bias toward automation, measurable outcomes, and operational excellence.

#LI-SB3

GM does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need GM immigration sponsorship now or in the future. This includes direct company sponsorship, entry of GM as the immigration employer of record on a government form, and any work authorization requiring a written submission or other immigration support from the company (e.g., H1-B, OPT, STEM OPT, CPT, TN, J-1, etc.)

이 직무는 하이브리드 직무로 분류됩니다. 즉, 선발된 지원자는 특정 근무지로 주 3일 이상(또는 관리자가 지정한 다른 빈도로) 특정 근무지로 출근해야 합니다.

이 직무는 리로케이션 혜택을 받을 수 있습니다.

다양성 정보

General Motors는 법적으로 금지된 차별을 배제하는 것은 물론 포용성과 소속감을 진정으로 장려하는 직장이 되기 위해 노력하고 있습니다. 당사는 다양성이 보장되는 환경에서 직원들이 역량을 발휘하고 우리 고객을 위한 더 좋은 제품을 개발할 수 있다고 믿습니다. 따라서 입사에 관심 있는 사람이 있다면 포지션별 주요 업무와 자격을 확인하고 본인이 보유한 기술과 능력에 부합하는 모든 포지션에 적극적으로 지원하기를 장려합니다. 지원자는 채용 과정에서 역할 관련 평가(해당하는 경우) 및/또는 채용 전 스크리닝을 통과해야 합니다.  자세한 정보는 GM 채용 과정 안내를 참고하십시오.

공평한 취업 기회 선언 (미국)

General Motors는 공평한 기회를 제공하는 고용주임을 자부합니다.  자격을 만족하는 지원자는 인종과 피부색, 성별, 성적 지향, 성별 정체성, 국적, 장애, 재향 군인 보호법 적용 여부와 상관없이 채용 후보로서 심사를 받습니다. 

숙소 (미국 및 캐나다)

General Motors는 장애인을 포함한 모든 구직자들에게 취업 기회를 제공합니다. 구직이나 취업 지원에 도움이 되는 합리적인 숙소가 필요한 경우 [email protected]으로 이메일을 보내시거나 800-865-7580으로 전화주십시오. 이메일에, 귀하가 요청하는 특정한 숙소에 대한 설명과 귀하가 지원하는 직무와 채용 요청서 번호를 포함해주세요.