Landis+Gyr

PKI/HSM Engineer

Landis+Gyr

full-time

Posted on:

Location Type: Office

Location: PragueCzech

Visit company website

Explore more

AI Apply
Apply

About the role

  • Design, maintain, and operate product PKI systems for certificate management, device identity, firmware signing, and software code signing.
  • Administer and manage Hardware Security Modules (HSMs) for secure key storage, signing, and provisioning.
  • Define and enforce key lifecycle management policies (generation, rotation, backup, retirement).
  • Integrate HSMs with CI/CD pipelines and manufacturing workflows for secure releases.
  • Manage enterprise-level certificate management tools (e.g., Keyfactor, Thales, EJBCA).
  • Collaborate with R&D and Manufacturing teams to design secure provisioning and traceability processes.
  • Provide documentation and audit evidence for product certifications (e.g., IEC 62443).

Requirements

  • 5+ years of experience with PKI infrastructure and HSM administration in product or manufacturing environments.
  • Strong knowledge of code signing, secure boot, and firmware integrity protection.
  • Hands-on experience with HSM platforms (Thales, Utimaco, Entrust, or similar).
  • Familiarity with PKI systems and certificate lifecycle management (Keyfactor, ADCS, EJBCA).
  • Solid understanding of cryptographic standards (X.509, PKCS#11/12, KMIP).
  • Experience integrating HSMs into CI/CD and manufacturing systems.
  • Excellent documentation skills and audit-ready mindset.
Benefits
  • You will work on mission-critical cryptographic infrastructure for innovative products.
  • You will collaborate with cross-functional teams in R&D, Manufacturing, and OT.
  • You will drive security maturity and compliance in a global technology environment.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
PKI infrastructureHSM administrationcode signingsecure bootfirmware integrity protectioncryptographic standardscertificate lifecycle managementkey lifecycle managementCI/CD integrationsecure provisioning
Soft skills
documentation skillsaudit-ready mindsetcollaboration
Certifications
IEC 62443