Sr. PKI Engineer, Infrastructure

  • Fremont, CA
  • Posted 51 days ago | Updated 5 hours ago

Overview

On Site
USD 111,200.00 per year
Full Time

Skills

Distribution
Virtual Machines
Use Cases
Authentication
Collaboration
Strong Authentication
Python
High Availability
Scalability
Auditing
Regulatory Compliance
Splunk
Grafana
Documentation
Hierarchical Storage Management
Dashboard
Emerging Technologies
Computer Science
Information Security
FOCUS
SAS Cloud Analytic Services
Active Directory
Windows PowerShell
Scripting
PKI
System Administration
Network Security
Encryption
Identity Management
SAML
OIDC
OAuth
Kerberos
Cloud Security
Amazon Web Services
Microsoft Azure
Management
Cloud Computing
Access Control
RBAC
Lifecycle Management
PPO
Payroll
Health Care
FSA
Finance
Apache Flex
Legal
Insurance

Job Details

We are seeking a highly motivated Engineer with expertise in Public Key Infrastructure (PKI) and Identity and Access Management (IAM) to join our dynamic team. The ideal candidate will have a strong background in PKI management, including expertise with EJBCA and Active Directory Certificate Services, as well as experience in managing digital certificates, symmetric and asymmetric keys and related security technologies. In this role, you will be responsible for designing, implementing, and maintaining solutions across the organization, ensuring secure identity management and encryption across various platforms and services. You will work closely with internal teams to integrate PKI with IAM systems, automate processes, and ensure high availability and security of our identity management infrastructure.

Responsibilities
  • Design, implement, and manage comprehensive PKI environments, ensuring secure certificate lifecycle management, encryption, and access control. Leverage tools such as EJBCA and Active Directory Certificate Services (ADCS) for CA operations and certificate management
  • Digital Certificate Lifecycle Management, Oversee the creation, distribution, revocation, and renewal of digital certificates across the organization. Ensure automated certificate management processes are in place to minimize downtime and risk
  • Design, deploy, and integrate Key Management and HSM Services with customers, providing VM and payload encryption in addition to code and document signing and emerging use cases
  • Integrate PKI solutions with Identity and Access Management (IAM) systems, including Active Directory, Azure AD, and other identity providers, to ensure secure access, authentication, and encryption across applications, services, and networks
  • Collaborate with security teams to implement strong authentication protocols and access control policies, including RBAC and/or ABAC to enhance the security of enterprise systems
  • Develop and implement automation for certificate generation, deployment, and management using scripting languages (e.g., PowerShell, Python), ensuring high availability and scalability of PKI services
  • Monitor the security posture of PKI environments, identifying risks and implementing remediation strategies. Conduct regular security audits and ensure compliance with internal security policies and industry standards. Create reports, dashboards, and alerts using platforms like Splunk and Grafana to provide observability
  • Actively participate in the 24/7 on-call rotation to provide expert-level support for PKI and IAM systems during outages, incidents, or security events. Conduct postmortem analysis and implement corrective actions as needed
  • Maintain comprehensive documentation for PKI, HSM, and KMS processes, configurations, and policies. Develop detailed reports and dashboards to track system performance, certificate health, and security incidents
  • Evaluate and manage relationships with vendors providing PKI and IAM solutions. Stay up to date with emerging technologies and implement best practices to enhance the security and efficiency of the identity management infrastructure

Requirements
  • Bachelor's Degree in Computer Science, Information Security, or a related field; or equivalent work experience
  • 5+ years of experience in PKI, Identity and Access Management (IAM), and security technologies, with a focus on enterprise-level PKI implementations
  • Proven experience with EJBCA, Active Directory Certificate Services (ADCS), and other PKI management tools and platforms
  • Expertise in digital certificate management, including generation, renewal, revocation, and security policies
  • Strong knowledge of PKI architecture, certificate authorities (CAs), and certificate lifecycle management tools
  • Experience with IAM platforms such as Active Directory, Azure AD, and other third-party identity providers
  • Proficient in scripting languages like PowerShell (preferred), or other scripting languages for automating PKI processes and system administration tasks
  • Strong understanding of network security protocols, encryption, and identity management standards such as SAML, OIDC, OAuth, and Kerberos
  • Experience with cloud security (e.g., AWS, Azure) and managing security in multi-cloud or hybrid environments
  • Experience with Identity Governance and Administration (IGA) solutions, including role-based access control (RBAC) and user lifecycle management

Compensation and Benefits
Benefits

Along with competitive pay, as a full-time Tesla employee, you are eligible for the following benefits at day 1 of hire:
  • Aetna PPO and HSA plans > 2 medical plan options with $0 payroll deduction
  • Family-building, fertility, adoption and surrogacy benefits
  • Dental (including orthodontic coverage) and vision plans, both have options with a $0 paycheck contribution
  • Company Paid (Health Savings Account) HSA Contribution when enrolled in the High Deductible Aetna medical plan with HSA
  • Healthcare and Dependent Care Flexible Spending Accounts (FSA)
  • 401(k) with employer match, Employee Stock Purchase Plans, and other financial benefits
  • Company paid Basic Life, AD&D, short-term and long-term disability insurance
  • Employee Assistance Program
  • Sick and Vacation time (Flex time for salary positions), and Paid Holidays
  • Back-up childcare and parenting support resources
  • Voluntary benefits to include: critical illness, hospital indemnity, accident insurance, theft & legal services, and pet insurance
  • Weight Loss and Tobacco Cessation Programs
  • Tesla Babies program
  • Commuter benefits
  • Employee discounts and perks program
    • Expected Compensation

      $111,200 - $433,680/annual salary + cash and stock awards + benefits

      Pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other elements dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.