×
Register Here to Apply for Jobs or Post Jobs. X

Senior Security Engineer, PKI & Secrets

Job in Grand Rapids, Kent County, Michigan, 49528, USA
Listing for: Dormont Manufacturing Co
Full Time position
Listed on 2026-07-03
Job specializations:
  • IT/Tech
    Systems Engineer, Cybersecurity, IT Infrastructure, Information Security
Salary/Wage Range or Industry Benchmark: 165000 - 242000 USD Yearly USD 165000.00 242000.00 YEAR
Job Description & How to Apply Below

Core Weave is The Essential Cloud for AI™. Built for pioneers by pioneers, Core Weave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, Core Weave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, Core Weave became a publicly traded company (Nasdaq: CRWV) in March 2025.

Learn more at

What You’ll Do:

The Security Foundations organization at Core Weave keeps Core Weave Cloud secure by design, from data centers and GPU fleets to the platform layers powering our customers’ AI workloads. The PKI & Secrets team owns the cryptographic infrastructure underpinning the confidentiality, integrity, and authenticity of Core Weave’s data and systems: PKI, secrets management, HSMs, key management, and code signing.

We partner with teams across the company to deliver cryptographic services that are secure, reliable, and easy to use at scale.

About the Role:

As a Senior Security Engineer on the PKI & Secrets team, you will shape how Core Weave manages cryptographic infrastructure across its global fleet. You’ll design and operate PKI hierarchies, secrets management platforms, HSM infrastructure, and key management systems; working hands‑on with engineering teams to integrate these capabilities into their services and workflows.

In this role, you will:
  • Contribute to the design, implementation, and operation of Core Weave’s PKI infrastructure, including CA hierarchies, issuance policies, certificate lifecycle management, and trust distribution across Kubernetes clusters and bare‑metal hosts.
  • Manage and evolve secrets management platforms, including access policies, secret lifecycle governance, and integration patterns using External Secrets Operator and cert‑manager.
  • Operate and scale HSM infrastructure, including PKCS#11 integration, key ceremony procedures, and high‑availability designs backing our certificate authorities and signing services.
  • Contribute to the design of key management and data encryption solutions for internal and customer‑facing use cases, including envelope encryption and KMS API design.
  • Deliver PKI‑based solutions supporting workload identity, mutual TLS, and hardware attestation.
  • Maintain and extend code signing infrastructure for firmware images, UEFI binaries, container images, and application binaries.
  • Develop and enforce cryptographic best practices and policies, and contribute to post‑quantum cryptography readiness.
Who You Are:
  • (5)+ years of experience in security engineering or infrastructure engineering.
  • Strong understanding of PKI concepts including CA hierarchies, certificate profiles, issuance policies, revocation, and trust distribution.
  • Hands‑on experience operating Hashi Corp Vault or similar secrets management platforms in production.
  • Experience with hardware security modules (HSMs), PKCS#11 interfaces, and key ceremony procedures.
  • Solid understanding of applied cryptography: symmetric and asymmetric algorithms, digital signatures, envelope encryption, and TLS.
  • Proficiency in Go, Python, or similar languages, with the ability to build production tooling and automation.
  • Experience with Kubernetes, including cert‑manager, trust‑manager, or External Secrets Operator.
  • Demonstrated ability to drive cross‑functional initiatives across infrastructure, platform, and product teams.
Preferred
  • Experience operating PKI backed by HSMs in a cloud provider or hyperscaler environment.
  • Familiarity with code signing workflows (Authentic ode, Cosign/Sigstore, transparency logs, time stamping).
  • Experience with KMS design, including customer‑managed keys and multi‑tenant key isolation.
  • Understanding of hardware attestation and workload identity (TPM, SPDM, SPIFFE/SPIRE).
  • Exposure to post‑quantum cryptography standards and migration planning.
Wondering if you’re a good fit?

We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams, even if you aren’t a 100% skill or experience match. If some of this describes you, we’d love to talk.

  • Y…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary