Senior PKI Engineer (Corporate & Hardware Trust Infra)

About Regen TechRegen Tech is building next-generation secure hardware and trust infrastructure that power institutional-grade security, digital assets, and trusted device ecosystems. At the core of our platform is a hardware-rooted trust model spanning chip manufacturing, device provisioning, firmware security, and enterprise integrations.To support this, Regen Tech is establishing a corporate-grade Public Key Infrastructure (PKI) that serves as the cryptographic backbone for products, partners, and customers. Role OverviewWe are looking for a Senior PKI Engineer to own the design, implementation, and operation of Regen Tech’s Corporate PKI System.This role is foundational. You will design and operate the root of trust for hardware and software ecosystems, covering HSM-backed root keys, certificate authorities, device identity, firmware signing, revocation, and OEM delegation.This is not a general security role — it is a deep PKI and trust infrastructure role with real architectural authority.Please note that this position is fully remote. Key ResponsibilitiesPKI Architecture & Trust DesignDesign and maintain a tiered PKI hierarchyDefine and enforce key lifecycle policies: generation, storage, rotation, revocation, and destructionEnsure strict separation between development, staging, and production PKI environmentsAlign PKI architecture with hardware-rooted identity models (secure elements, fuses, HSMs)Root of Trust & HSM OperationsOwn and operate Tier 0 and Tier 1 root keysPlan and execute multi-person (t-of-n) key ceremoniesManage FIPS 140-3 Level 3+ HSMs (e.g., Thales, Utimaco, or equivalent)Define secure backup, escrow, and disaster recovery strategies for critical keysCertificate Authority & Revocation SystemsDeploy and operate CA platforms (e.g., EJBCA, Google Cloud CAS, or equivalent)Implement and maintain CRL and OCSP servicesDefine revocation SLAs and emergency response proceduresDesign revocation models suitable for offline or constrained devicesManufacturing & Supply Chain IntegrationIntegrate PKI into chip and device manufacturing workflowsSecure CSR generation and certificate issuance from factory toolingEnable and govern OEM / partner trust delegation (intermediate CAs)Ensure full auditability from wafer → device → firmwareGovernance, Compliance & AuditAuthor and maintain Key Management Policies (KMP) and PKI proceduresSupport SOC 2, FIPS, ISO 27001, and customer security auditsMaintain immutable audit logs for all key and certificate operationsParticipate in internal and external security reviewsCross-Functional CollaborationWork closely with hardware, embedded, cloud, backend, and manufacturing teamsAct as the technical authority for cryptographic trust and identitySupport product, legal, and compliance stakeholders as needed