Staff Cybersecurity Engineer
General Motors
full-time
Posted on:
Location Type: Hybrid
Location: Warren • Missouri • Texas • United States
Visit company websiteExplore more
Job Level
About the role
- Setting the technical vision and architecting, implementing, and operating scalable, highly available PKI and secrets management services for the enterprise.
- Owning design decisions that shape internal trust models, cryptographic architectures, and access patterns for the most sensitive data and systems.
- Defining, implementing, and continuously improving policies, processes, and controls for the full lifecycle of keys, certificates, and secrets across diverse platforms.
- Influencing and aligning engineering, infrastructure, and leadership teams to deliver robust, observable, and compliant cryptographic systems.
- Mentoring and developing engineers, raising the bar for technical excellence, and driving consistent best practices for cryptographic and secrets management across the organization.
- Advising senior leadership on long-term security architecture strategy, trade-offs, and investment priorities related to identity, PKI, and secrets management.
- Providing operational leadership, including participation in on-call rotations for global, mission-critical services and driving post-incident improvements.
- Leading HSM strategy, including architecture, platform selection, appliance consolidation, and multi-year roadmap planning in alignment with enterprise security and compliance goals.
Requirements
- Bachelor’s degree in Computer Science, Mathematics, Physics, or equivalent senior-level industry experience.
- 7+ years experience in enterprise security engineering or Site Reliability Engineering (SRE), with direct responsibility for high-availability security or cryptographic services.
- 7+ years experience with enterprise secrets management platforms (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, BeyondTrust), including architecture, operations, and integration at scale.
- Strong understanding of public-key cryptography, PKI, and modern cryptographic protocols, with the ability to make pragmatic, risk-informed design decisions.
- Demonstrated experience designing, operating, and evolving production PKI systems (root and issuing CAs, CRL/OCSP, certificate lifecycle, and policy governance).
- Proficiency with infrastructure-as-code (e.g., Terraform) and engineering practices that enable repeatable, auditable, and secure deployments.
- Working knowledge of major cloud platforms (AWS, GCP, Azure) and how to integrate PKI and secrets management with cloud-native services.
- Experience with containerization, orchestration (e.g., Kubernetes), and CI/CD workflows, including secure delivery patterns and secrets handling.
- Excellent communication skills, with a track record of presenting complex technical concepts, trade-offs, and recommendations to engineering and executive audiences.
- Strong threat modeling and security architecture skills, with the ability to anticipate abuse cases and design for resilience.
- Hands-on management, integration, and configuration experience with HSM platforms (Entrust, Thales, etc.), including key ceremonies, partitioning, and role design.
- Experience working with and implementing security standards and frameworks (e.g., FIPS 140-2/3, PCI-DSS, and related controls), and translating them into actionable technical requirements.
Benefits
- From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
PKIsecrets managementpublic-key cryptographycryptographic protocolsinfrastructure-as-codeTerraformcontainerizationKubernetesCI/CD workflowsHSM management
Soft Skills
communication skillsmentoringleadershipinfluencingtechnical excellenceproblem-solvingcollaborationstrategic advisingoperational leadershipthreat modeling