FremontRecruiter Since 2001
the smart solution for Fremont jobs

Sr. PKI Engineer, Infrastructure

Company: Tesla, Inc.
Location: Fremont
Posted on: March 24, 2025

Job Description:

We are seeking a highly motivated Engineer with expertise in Public Key Infrastructure (PKI) and Identity and Access Management (IAM) to join our dynamic team. The ideal candidate will have a strong background in PKI management, including expertise with EJBCA and Active Directory Certificate Services, as well as experience in managing digital certificates, symmetric and asymmetric keys and related security technologies. In this role, you will be responsible for designing, implementing, and maintaining solutions across the organization, ensuring secure identity management and encryption across various platforms and services. You will work closely with internal teams to integrate PKI with IAM systems, automate processes, and ensure high availability and security of our identity management infrastructure.What to ExpectThe ideal candidate will have a strong background in PKI management, including expertise with EJBCA and Active Directory Certificate Services, as well as experience in managing digital certificates, symmetric and asymmetric keys and related security technologies. In this role, you will be responsible for designing, implementing, and maintaining solutions across the organization, ensuring secure identity management and encryption across various platforms and services. You will work closely with internal teams to integrate PKI with IAM systems, automate processes, and ensure high availability and security of our identity management infrastructure.What You'll Do

  • Design, implement, and manage comprehensive PKI environments, ensuring secure certificate lifecycle management, encryption, and access control. Leverage tools such as EJBCA and Active Directory Certificate Services (ADCS) for CA operations and certificate management.
  • Oversee the creation, distribution, revocation, and renewal of digital certificates across the organization. Ensure automated certificate management processes are in place to minimize downtime and risk.
  • Design, deploy, and integrate Key Management and HSM Services with customers, providing VM and payload encryption in addition to code and document signing and emerging use cases.
  • Integrate PKI solutions with Identity and Access Management (IAM) systems, including Active Directory, Azure AD, and other identity providers, to ensure secure access, authentication, and encryption across applications, services, and networks.
  • Collaborate with security teams to implement strong authentication protocols and access control policies, including RBAC and/or ABAC to enhance the security of enterprise systems.
  • Develop and implement automation for certificate generation, deployment, and management using scripting languages (e.g., PowerShell, Python), ensuring high availability and scalability of PKI services.
  • Monitor the security posture of PKI environments, identifying risks and implementing remediation strategies. Conduct regular security audits and ensure compliance with internal security policies and industry standards. Create reports, dashboards, and alerts using platforms like Splunk and Grafana to provide observability.
  • Actively participate in the 24/7 on-call rotation to provide expert-level support for PKI and IAM systems during outages, incidents, or security events. Conduct postmortem analysis and implement corrective actions as needed.
  • Maintain comprehensive documentation for PKI, HSM, and KMS processes, configurations, and policies. Develop detailed reports and dashboards to track system performance, certificate health, and security incidents.
  • Evaluate and manage relationships with vendors providing PKI and IAM solutions. Stay up to date with emerging technologies and implement best practices to enhance the security and efficiency of the identity management infrastructure.What You'll Bring
    • Bachelor's Degree in Computer Science, Information Security, or a related field; or equivalent work experience.
    • 5+ years of experience in PKI, Identity and Access Management (IAM), and security technologies, with a focus on enterprise-level PKI implementations.
    • Proven experience with EJBCA, Active Directory Certificate Services (ADCS), and other PKI management tools and platforms.
    • Expertise in digital certificate management, including generation, renewal, revocation, and security policies.
    • Strong knowledge of PKI architecture, certificate authorities (CAs), and certificate lifecycle management tools.
    • Experience with IAM platforms such as Active Directory, Azure AD, and other third-party identity providers.
    • Proficient in scripting languages like PowerShell (preferred), or other scripting languages for automating PKI processes and system administration tasks.
    • Strong understanding of network security protocols, encryption, and identity management standards such as SAML, OIDC, OAuth, and Kerberos.
    • Experience with cloud security (e.g., AWS, Azure) and managing security in multi-cloud or hybrid environments.
    • Experience with Identity Governance and Administration (IGA) solutions, including role-based access control (RBAC) and user lifecycle management.Compensation and BenefitsAlong with competitive pay, as a full-time Tesla employee, you are eligible for the following benefits at day 1 of hire:
      • Aetna PPO and HSA plans > 2 medical plan options with $0 payroll deduction.
      • Family-building, fertility, adoption and surrogacy benefits.
      • Dental (including orthodontic coverage) and vision plans, both have options with a $0 paycheck contribution.
      • Company Paid (Health Savings Account) HSA Contribution when enrolled in the High Deductible Aetna medical plan with HSA.
      • Healthcare and Dependent Care Flexible Spending Accounts (FSA).
      • 401(k) with employer match, Employee Stock Purchase Plans, and other financial benefits.
      • Company paid Basic Life, AD&D, short-term and long-term disability insurance.
      • Employee Assistance Program.
      • Sick and Vacation time (Flex time for salary positions), and Paid Holidays.
      • Back-up childcare and parenting support resources.
      • Voluntary benefits to include: critical illness, hospital indemnity, accident insurance, theft & legal services, and pet insurance.
      • Weight Loss and Tobacco Cessation Programs.
      • Tesla Babies program.
      • Commuter benefits.
      • Employee discounts and perks program.Expected Compensation: $111,200 - $433,680/annual salary + cash and stock awards + benefits. Pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other elements dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment.Tesla is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to any factor, including veteran status and disability status, protected by applicable federal, state or local laws.Tesla is also committed to working with and providing reasonable accommodations to individuals with disabilities. Please let your recruiter know if you need an accommodation at any point during the interview process.Privacy is a top priority for Tesla. We build it into our products and view it as an essential part of our business. To understand more about the data we collect and process as part of your application, please view our Tesla Talent Privacy Notice.
        #J-18808-Ljbffr

Keywords: Tesla, Inc., Fremont , Sr. PKI Engineer, Infrastructure, Engineering , Fremont, California

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Log In or Create An Account

Forgot password?

Get the latest California jobs by following @recnetCA on Twitter!

Fremont RSS job feeds