Cloud and DevOps Key Management Engineer

New Era Technology

πŸ“Remote - Worldwide

Summary

Join New Era Technology as a Key Management and DevOps Security Engineer, contributing to a large information security program. You will design, implement, and maintain robust key management systems, enhancing DevOps security practices. Collaborate with cross-functional teams to integrate secure practices into CI/CD pipelines, automate key lifecycles, and implement secrets management solutions. Ensure compliance with industry standards and best practices. This role requires expertise in cryptography, cloud KMS services, and DevOps tools. You will also create and maintain documentation and metrics for key management systems. The position offers the opportunity to work in a supportive, growth-oriented environment with a global team.

Requirements

  • 3-5+ years of key management, DevOps security, and cloud security engineering experience
  • Subject matter expert in cryptographic standards (AES, RSA, ECC), key management protocols (KMIP, PKCS#11), and HSM integration
  • Subject matter expert in cloud KMS services (AWS KMS, Azure Key Vault, GCP KMS) and on-premise solutions
  • Understanding of Identity Access Management and key management best practices, standards and processes
  • Metrics, reporting and dashboard creation required
  • Hands-on experience with secrets management tools (HashiCorp Vault, CyberArk) and CI/CD automation (Jenkins, GitHub Actions)
  • Expertise in scripting (Python, PowerShell, Bash) for automating key lifecycle processes and integrating security into workflows
  • Experience with Infrastructure as Code (Terraform, CloudFormation) and DevOps toolchains
  • Must be able to create and maintain documentation on implementations
  • Key management subject matter expert capable of implementing key lifecycle workflow automation processes based on cyber security best practices and standards
  • Expertise in Public Key Infrastructure (PKI) and symmetric key management to support access management processes for cloud-based and on-premise IT infrastructures
  • Must be able to create and maintain documentation on the implementation and operational/maintenance processes
  • Ability to work autonomously and under pressure
  • Ability to influence others and demonstrate leadership
  • Excellent attention to detail
  • Strong organizational skills
  • Excellent analytical skills
  • Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel and PowerPoint
  • Collaborative team worker – both in person and virtually using MS Teams or similar
  • Ability to work as liaison between business and information security / information technology
  • Flexibility to accommodate working across different time zones
  • Excellent interpersonal communication skills with strong spoken and written English
  • Business outcomes mindset
  • Solid balance of strategic thinking with detail orientation
  • Self-starter, ability to take initiative

Responsibilities

  • Collaborate with DevOps, engineering, and security teams to integrate secure practices into CI/CD pipelines, ensure compliance with industry standards, and mitigate cryptographic risks
  • Design and implement scalable key management systems (KMS) for both cloud (AWS, Azure, GCP, OCI, Alibaba) and on-premise environments
  • Automate the entire key lifecycle (generation, rotation, distribution, revocation, and disposal) using scripting (Python, PowerShell, Bash) and DevOps tools
  • Ensure integration with cryptographic libraries, HSMs (Hardware Security Modules), and cloud-native KMS services (e.g., AWS KMS, Azure Key Vault, etc.)
  • Secure CI/CD pipelines by embedding encryption, secrets management, and key rotation into deployment pipelines (e.g., Jenkins, GitLab CI, Azure DevOps, etc.)
  • Implement secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager, etc.) to protect credentials and cryptographic material
  • Enforce least privilege access and zero-trust principles in DevOps workflows
  • Ensure compliance with standards such as NIST SP 800-57, ISO 27001, and PCI-DSS for cryptographic practices
  • Partner with DevOps, engineering, and cloud teams to embed security into infrastructure as code (Terraform, Ansible) and automation workflows
  • Work with IT and business teams to onboard applications and implement key management capabilities for cloud-based and on-premise applications and systems
  • Document standard operating procedures for maintenance and onboarding of applications
  • Create and track metrics for standardizing applications and systems onto key management systems

Preferred Qualifications

  • Cybersecurity certifications such as CISSP or CISM are a plus
  • Experience working at a company with a global footprint and a large enterprise environment
  • Experience with containerization (Docker, Kubernetes) and securing secrets in containerized environments (e.g., Kubernetes Secrets Management, Vault)
  • Familiarity with modern DevSecOps practices, including SAST/DAST tools and vulnerability scanning (e.g., OpenSCAP, Tenable, etc.)
  • Knowledge of post-quantum cryptography and evolving standards (NIST PQC)
  • Experience with identity and access management (IAM) policies for key management systems
