Sr. PKI Engineer, Infrastructure

Company: Tesla, Inc

Location: Fremont, CA 94536

Description:

We are seeking a highly motivated Engineer with expertise in Public Key Infrastructure (PKI) and Identity and Access Management (IAM) to join our dynamic team. The ideal candidate will have a strong background in PKI management, including expertise with EJBCA and Active Directory Certificate Services, as well as experience in managing digital certificates, symmetric and asymmetric keys and related security technologies. In this role, you will be responsible for designing, implementing, and maintaining solutions across the organization, ensuring secure identity management and encryption across various platforms and services. You will work closely with internal teams to integrate PKI with IAM systems, automate processes, and ensure high availability and security of our identity management infrastructure.

Responsibilities
  • Design, implement, and manage comprehensive PKI environments, ensuring secure certificate lifecycle management, encryption, and access control. Leverage tools such as EJBCA and Active Directory Certificate Services (ADCS) for CA operations and certificate management
  • Manage the digital certificate lifecycle: oversee the creation, distribution, revocation, and renewal of digital certificates across the organization. Ensure automated certificate management processes are in place to minimize downtime and risk
  • Design, deploy, and integrate Key Management and HSM Services with customers, providing VM and payload encryption in addition to code and document signing and emerging use cases
  • Integrate PKI solutions with Identity and Access Management (IAM) systems, including Active Directory, Azure AD, and other identity providers, to ensure secure access, authentication, and encryption across applications, services, and networks
  • Collaborate with security teams to implement strong authentication protocols and access control policies, including RBAC and/or ABAC to enhance the security of enterprise systems
  • Develop and implement automation for certificate generation, deployment, and management using scripting languages (e.g., PowerShell, Python), ensuring high availability and scalability of PKI services
  • Monitor the security posture of PKI environments, identifying risks and implementing remediation strategies. Conduct regular security audits and ensure compliance with internal security policies and industry standards. Create reports, dashboards, and alerts using platforms like Splunk and Grafana to provide observability
  • Actively participate in the 24/7 on-call rotation to provide expert-level support for PKI and IAM systems during outages, incidents, or security events. Conduct postmortem analysis and implement corrective actions as needed
  • Maintain comprehensive documentation for PKI, HSM, and KMS processes, configurations, and policies. Develop detailed reports and dashboards to track system performance, certificate health, and security incidents
  • Evaluate and manage relationships with vendors providing PKI and IAM solutions. Stay up to date with emerging technologies and implement best practices to enhance the security and efficiency of the identity management infrastructure


Requirements
  • Bachelor's Degree in Computer Science, Information Security, or a related field; or equivalent work experience
  • 5+ years of experience in PKI, Identity and Access Management (IAM), and security technologies, with a focus on enterprise-level PKI implementations
  • Proven experience with EJBCA, Active Directory Certificate Services (ADCS), and other PKI management tools and platforms
  • Expertise in digital certificate management, including generation, renewal, revocation, and security policies
  • Strong knowledge of PKI architecture, certificate authorities (CAs), and certificate lifecycle management tools
  • Experience with IAM platforms such as Active Directory, Azure AD, and other third-party identity providers
  • Proficient in PowerShell (preferred) or other scripting languages for automating PKI processes and system administration tasks
  • Strong understanding of network security protocols, encryption, and identity management standards such as SAML, OIDC, OAuth, and Kerberos
  • Experience with cloud security (e.g., AWS, Azure) and managing security in multi-cloud or hybrid environments
  • Experience with Identity Governance and Administration (IGA) solutions, including role-based access control (RBAC) and user lifecycle management


Compensation and Benefits
Benefits

Along with competitive pay, as a full-time Tesla employee, you are eligible for the following benefits at day 1 of hire:
  • Aetna PPO and HSA plans > 2 medical plan options with $0 payroll deduction
  • Family-building, fertility, adoption and surrogacy benefits
  • Dental (including orthodontic coverage) and vision plans, both have options with a $0 paycheck contribution
  • Company Paid (Health Savings Account) HSA Contribution when enrolled in the High Deductible Aetna medical plan with HSA
  • Healthcare and Dependent Care Flexible Spending Accounts (FSA)
  • 401(k) with employer match, Employee Stock Purchase Plans, and other financial benefits
  • Company paid Basic Life, AD&D, short-term and long-term disability insurance
  • Employee Assistance Program
  • Sick and Vacation time (Flex time for salary positions), and Paid Holidays
  • Back-up childcare and parenting support resources
  • Voluntary benefits to include: critical illness, hospital indemnity, accident insurance, theft & legal services, and pet insurance
  • Weight Loss and Tobacco Cessation Programs
  • Tesla Babies program
  • Commuter benefits
  • Employee discounts and perks program

Expected Compensation

$111,200 - $433,680/annual salary + cash and stock awards + benefits

Pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other elements dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment.
