STACKIT Platform Services - Secrets Manager & KMS - Software Engineer (m/f/d)

Your Tasks

• You design and develop our Key Management Service, focusing on secure key generation, lifecycle management (Key Rotation), and high-performance cryptographic operations.
• You implement and optimize complex data flows like Envelope Encryption, managing the relationship between Data Encryption Keys (DEKs) and Key Encryption Keys (KEKs) to provide multi-layered security.
• You develop Kubernetes operators to automate the entire lifecycle of the KMS and Secrets Manager, ensuring the service is self-healing, scalable, and easy to configure.
• You build and maintain robust REST APIs that allow customers to programmatically manage Key Rings, import external keys, and execute signing/verification workflows.
• You take ownership in an "You Build It - You Run It" environment, acting as the bridge between security engineering and SRE.
• You ensure that every cryptographic operation adheres to industry standards (AES, RSA, ECDSA, HMAC) and provides the necessary audit trails for sovereign cloud requirements.

Your Profile

• You have a deep enthusiasm for Software Engineering, Applied Cryptography, and Cloud-Native security.
• You actively own the entire software development lifecycle, go and k8s being your bread and butter - K8s operators are preferably a core part of your engineering toolkit.
• You are familiar with- or eager to master-cryptographic algorithms (AES-GCM, RSA-OAEP, ECDSA) and understand the logic behind secure key wrapping and transport.
• You understand that "sovereign" means more than just a location; you understand the auditing and compliance needs of managing secrets in a high-stakes cloud environment.
• You don't just look at code; you understand how data flows through a system, identifying potential bottlenecks in API body sizes or cryptographic overhead to ensure cost-efficiency and performance.
• You enjoy discovering new security standards and are excited about sharing your knowledge with the team.