PKI Engineer

About Rakuten Symphony Germany

Rakuten empowers through technology.

Rakuten Symphony Germany is building a nationwide mobile network based on the industry-leading Symphony platform developed from Singapore and successfully deployed in Japan. Symphony is a fully virtualized, cloud-native telco platform at the cutting edge of technology: Rakuten partners with research organizations, start-ups, and SMEs through its Network Innovation Lab on the future of OpenRAN and autonomous networks of the future. We are in the process of deploying a nation-wide mobile network in Germany.

Your Role

As a PKI Engineer, you will be responsible for the design, implementation, operation, and continuous improvement of our Public Key Infrastructure services within a modern, containerized environment. You will ensure the secure and reliable management of digital certificates, keys, and cryptographic services as HSMs across Linux-based systems and Kubernetes platforms. Working closely with security, infrastructure, and NOC teams, you will contribute to strengthening our overall security posture while supporting business-critical services. In addition, you will design and operate enterprise secrets management and key management solutions to protect sensitive data, secrets, certificates and cryptographic material.

Your Responsibilities

• Design, implement, and operate enterprise-grade PKI solutions, including certificate lifecycle management.
• Manage and maintain Certificate Authorities (CAs), Registration Authorities (RAs), and related components.
• Automate certificate provisioning, renewal, and revocation processes.
• Integrate PKI services into Linux-based systems and containerized workloads.
• Deploy and operate PKI components within Kubernetes environments.
• Ensure high availability, scalability, and security of PKI platforms.
• Implement and maintain cryptographic standards, policies, and procedures.
• Monitor, troubleshoot, and resolve PKI-related incidents and performance issues.
• Collaborate with NOC and security teams to integrate PKI with other systems.
• Maintain technical documentation and support audits and compliance activities.
• Supporting other domains in operating the PKI solution.
• Design, implement, and operate centralized secrets management platform.
• Manage dynamic secrets, encryption keys, and secure service-to-service authentication mechanisms.
• Implement access control policies for secrets.
• Integrate secrets management solutions into Kubernetes.
• Support secure onboarding of applications to centralized authentication and authorization systems.

Requirements

• 5+ years of experience in the field of public key infrastructures, cryptographic methods and electronic certificates.
• Strong hands-on experience with Public Key Infrastructure (PKI) and certificate management.
• Strong hands-on experience with Hardware-Security-Modules (HSM).
• Solid expertise in Linux system administration.
• Practical experience with containers and Kubernetes.
• Good understanding of cryptographic concepts, standards, and best practices.
• Experience with automation and scripting (e.g., Bash, Python, or similar).
• Familiarity with high-availability architectures and secure system design.
• Experience integrating security services into cloud-native or microservices environments.
• Strong analytical and troubleshooting skills.
• Structured and security-focused working style.
• Experience integrating secrets management with container orchestration platforms.
• Experience implementing authentication methods such as certificate-based and token-based.