Landis+Gyr

PKI / HSM Engineer

Landis+Gyr

full-time

Posted on:

Location Type: Office

Location: NurembergGermany

Visit company website

Explore more

AI Apply
Apply

Tech Stack

IoT

About the role

  • Design, maintain, and operate product PKI systems for certificate management, device identity, firmware signing, and software code signing.
  • Administer and manage Hardware Security Modules (HSMs) for secure key storage, signing, and provisioning.
  • Define and enforce key lifecycle management policies (generation, rotation, backup, retirement).
  • Integrate HSMs with CI/CD pipelines and manufacturing workflows for secure releases.
  • Manage enterprise-level certificate management tools (e.g., Keyfactor, Thales, EJBCA).
  • Collaborate with R&D and Manufacturing teams to design secure provisioning and traceability processes.
  • Provide documentation and audit evidence for product certifications (e.g., IEC 62443).
  • Stay ahead of cryptographic trends and evaluate post-quantum readiness strategies.

Requirements

  • 5+ years of experience with PKI infrastructure and HSM administration in product or manufacturing environments.
  • Strong knowledge of code signing, secure boot, and firmware integrity protection.
  • Hands-on experience with HSM platforms (Thales, Utimaco, Entrust, or similar).
  • Familiarity with PKI systems and certificate lifecycle management (Keyfactor, ADCS, EJBCA).
  • Solid understanding of cryptographic standards (X.509, PKCS#11/12, KMIP).
  • Experience integrating HSMs into CI/CD and manufacturing systems.
  • Excellent documentation skills and audit-ready mindset.
  • Preferred qualifications: Degree in Computer Science, Information Security, or related field.
  • Experience with post-quantum cryptography assessments or migration planning.
  • Background in embedded or industrial systems (IoT, smart metering, OT).
  • Knowledge of compliance frameworks (IEC 62443, ISO 27001).
Benefits
  • Health insurance
  • Flexible work hours
  • Professional development opportunities

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
PKI infrastructureHSM administrationcode signingsecure bootfirmware integrity protectioncryptographic standardscertificate lifecycle managementpost-quantum cryptographyembedded systemsindustrial systems
Soft skills
documentation skillsaudit-ready mindsetcollaboration
Certifications
Degree in Computer ScienceDegree in Information SecurityIEC 62443ISO 27001