PKI security engineer

Product Cybersecurity PKI & Key Mgmt Security Services

The Product Cybersecurity PKI & Key Mgmt Security Services team generates, distributes, stores, and manages lifecycle for the cryptographic keys and certificates in the vehicle product ecosystem. This includes developing and maintaining in-house APIs and web services to provide confidentiality, integrity and authenticity protection for various use cases and features in the product ecosystem. We are seeking an exceptional Software Engineer specializing in Public Key Infrastructure (PKI) and secure API services to own the end-to-end lifecycle of mission-critical cryptographic systems. You will design, build, deploy, and maintain high-assurance PKI and security service APIs that power certificate issuance, lifecycle management, revocation, and integration for the connected vehicle product ecosystem.

Employees in this job function develop and maintain the back-end/ server-side parts of an application, typically consisting of APIs, databases and other services containing business logic. They work with various languages and tools to create and maintain services on-prem or in the cloud.

Key Responsibilities

• Engage with customers to understand their use-cases and requirements
• Solve complex problems by designing, developing, and delivering using various tools, languages, frameworks, and technologies
• Align with architecture guidelines for a unified and coherent approach to development
• Design, develop, and deliver new code using various tools, languages, frameworks, and technologies
• Develop and maintain back-end applications like APIs and microservices using server-side languages like Java, Python, C#, etc.
• Collaborate with front-end developers to integrate user interface elements and with cross functional teams like product owners, designers, architects etc.
• Manage application deployment to the cloud or on-prem, health and performance monitoring, security hardening and disaster recovery for deployed applications
• Manage data storage and retrievals in applications by utilizing database technologies such as Oracle, MySQL, MongoDB, etc.
• Promote improvements in programming practices, such as test-driven development, continuous integration, and continuous delivery
• Optimize back-end infrastructure and deployment practices to improve application resiliency and reliability
• Support security practices to safeguard user data including encryption and anonymization

Skills Required

Software Testing, PostgreSQL, Computer engineering, Software Development Lifecycle, Software Documentation, Application Development, Bouncy Castle Cryptographic, Cloud Infrastructure, Google Cloud Platform,.NET Core, .NET Developer, Cyber Security, C#, Application Testing, Agile Software Development

Skills Preferred

Kubernetes, Technical Communication, Technical Requirements, Technical Documentation, Application Architect, Technical Analysis

Experience Required

Engineer 3 Exp: Prac. In 2 coding lang. or adv. Prac. in 1 lang. 6+ years in IT; 4+ years in software engineering/development and secure coding practices using object oriented programming Strong knowledge and applicability of software architecture, development, methodologies and design principles including test-driven development Strong understanding and ability to apply cryptographic algorithms and standards in software, including RSA, ECC, AES, X.509 Proven track record of owning customer-facing products from ideation to general acceptance, and flexibility to manage multiple projects and deliverables throughout lifecycle. Bachelor's degree in Computer Science / Engineering

Experience Preferred

2+ years of experience deploying and maintaining cloud infrastructure with Kubernetes or OpenShift, and managing database instances (SQL Postgres, Redis, MongoDB) 2+ years building, maintaining, and integrating with production PKI systems and supporting cryptographic interfaces. Experience and understanding of industry security standards and applying them in our software solutions and processes, including NIST, OWASP, and relevant ISO and IEEE standards. Strong knowledge and applicability of software architecture, development, methodologies and design principles including test-driven development Familiarity with in-vehicle network architecture, modules, and protocols

Education Required

Bachelor's Degree

Additional Information

Hybrid Position 4 days a week on site Will consider remote candidates if they happen to be the best candidate identified. End-to-End Ownership: Lead the full lifecycle of PKI and Key Management services supporting our vehicle products and ecosystem — lead customer requirements gathering, architecture design, implementation, testing, deployment, monitoring, and post-launch support. Design and develop robust, secure, and scalable RESTful APIs and web services for various features and use cases: CRL/OCSP, ACME, Certificate Issuance, message encryption/decryption, software signing, key rotation and certificate lifecycle management, HSM integration with PKCS11. Implement access control methods that enforce least privilege access principles using OAuth or mTLS. Cryptographic Engineering: Implement and harden PKI and key services with deep knowledge of PKI industry standards, X.509, PKCS standards, elliptic curve cryptography (ECC) and RSA, post-quantum readiness, and hardware security module CSP integration. Apply hybrid encryption techniques with AES. Define and enforce PKI certificate policies and certificate profiles. Infrastructure and CI/CD Integration: Release and Deploy your apps through build server, CI/CD pipeline, and infrastructure involving on-premises and cloud Kubernetes Security & Compliance: Monitor and address findings regularly in code base through SAST, DAST, software quality and security vulnerability scanning. Drive and support testing at each stage of the development process. V2Soft is an Equal Opportunity Employer ( EOE). We welcome applicants from all backgrounds, including individuals with disabilities and veterans.