via LinkedIn
$200K - 300K a year
Design, implement, and operate Regen Tech's corporate PKI infrastructure, including trust models, key management, and device integration.
7+ years in PKI or security engineering, deep knowledge of cryptographic trust systems, hardware-backed security, and experience with regulated environments.
Senior PKI Engineer (Corporate & Hardware Trust Infrastructure)

Location: Remote
Department: Software Department
Reports to: Software Department Head

About Regen Tech

Regen Tech is building next-generation secure hardware and trust infrastructure that power institutional-grade security, digital assets, and trusted device ecosystems. At the core of our platform is a hardware-rooted trust model spanning chip manufacturing, device provisioning, firmware security, and enterprise integrations. To support this, Regen Tech is establishing a corporate-grade Public Key Infrastructure (PKI) that serves as the cryptographic backbone for products, partners, and customers.

Role Overview

We are looking for a Senior PKI Engineer to own the design, implementation, and operation of Regen Tech’s Corporate PKI System. This role is foundational. You will design and operate the root of trust for hardware and software ecosystems, covering HSM-backed root keys, certificate authorities, device identity, firmware signing, revocation, and OEM delegation. This is not a general security role — it is a deep PKI and trust infrastructure role with real architectural authority.

Key Responsibilities

PKI Architecture & Trust Design
• Design and maintain a tiered PKI hierarchy
• Define and enforce key lifecycle policies: generation, storage, rotation, revocation, and destruction
• Ensure strict separation between development, staging, and production PKI environments
• Align PKI architecture with hardware-rooted identity models (secure elements, fuses, HSMs)

Root of Trust & HSM Operations
• Own and operate Tier 0 and Tier 1 root keys
• Plan and execute multi-person (t-of-n) key ceremonies
• Manage FIPS 140-3 Level 3+ HSMs (e.g., Thales, Utimaco, or equivalent)
• Define secure backup, escrow, and disaster recovery strategies for critical keys

Certificate Authority & Revocation Systems
• Deploy and operate CA platforms (e.g., EJBCA, Google Cloud CAS, or equivalent)
• Implement and maintain CRL and OCSP services
• Define revocation SLAs and emergency response procedures
• Design revocation models suitable for offline or constrained devices

Manufacturing & Supply Chain Integration
• Integrate PKI into chip and device manufacturing workflows
• Secure CSR generation and certificate issuance from factory tooling
• Enable and govern OEM / partner trust delegation (intermediate CAs)
• Ensure full auditability from wafer → device → firmware

Governance, Compliance & Audit
• Author and maintain Key Management Policies (KMP) and PKI procedures
• Support SOC 2, FIPS, ISO 27001, and customer security audits
• Maintain immutable audit logs for all key and certificate operations
• Participate in internal and external security reviews

Cross-Functional Collaboration
• Work closely with hardware, embedded, cloud, backend, and manufacturing teams
• Act as the technical authority for cryptographic trust and identity
• Support product, legal, and compliance stakeholders as needed

Required Qualifications
• 7+ years of experience in PKI, cryptographic infrastructure, or security engineering
• Hands-on experience designing and operating PKI systems at scale
• Deep knowledge of:
  • X.509 certificates, CAs, CRL, OCSP
  • Key ceremonies and quorum models
  • HSM-backed key management
• Strong understanding of:
  • Secure boot, firmware signing, and attestation
  • Hardware-backed security (secure elements, TPMs, fuses)
• Experience supporting regulated or audited environments

Nice to Have
• Experience with device PKI, IoT, smartcards, hardware wallets, or FIDO2
• Familiarity with manufacturing or supply-chain security
• Experience designing OEM or partner trust models
• Hybrid cloud + on-prem PKI experience
• Prior ownership of PKI in a product or platform company

Why Join Regen Tech
• Build the cryptographic trust foundation of a hardware-first security platform
• Work on real-world systems that secure devices, firmware, and institutions
• High ownership, real architectural impact, and long-term relevance
• Collaborate with experts across hardware, security, and distributed systems

How to Apply

If you are passionate about cryptographic trust, PKI, and hardware security, and want to build systems that matter, we’d love to hear from you.

📩 Apply by sending your resume or profile to careers@regentech.io.
This job posting was last updated on 12/16/2025