Sr. PKI Machine Identity Engineer

Are you ready for what’s next?

Come explore opportunities within Brunswick, a global marine leader committed to challenging conventions and innovating next-generation technologies that transform experiences on the water and beyond. Brunswick believes “Next Never Rests™,” and we offer a variety of exciting careers and growth opportunities within united teams defining the future of marine recreation.

Location: Mettawa, IL

Workplace Category: Hybrid

Travel Required: None

Direct Reports: None

Pay Range: $103,200 - $144,000

Visa Sponsorship: Applicants must be currently authorized to work in the United States. This position is not eligible for employment visa sponsorship now or in the future.

Relocation: Not offered at this time

Innovation is the heart of Brunswick. See how your contributions will help transform vision into reality:

Position Overview :

As part of the talented Brunswick team, you will get to transform Public Key Infrastructure (PKI) into a core identity and trust control plane for the enterprise. The position leads the modernization of PKI to establish strong device trust and machine identity across hybrid environments, spanning on‑premises and cloud platforms. This role owns the PKI platform strategy, tooling, and full lifecycle management, while driving adoption across identity and access management (IAM), endpoint, network, and application teams. It supports a broad set of use cases, including device trust for VPN, Wi‑Fi, and endpoints; workload identity for mTLS and APIs; web and application enablement; and emerging non‑human and AI identities. This is a hands‑on leadership role that combines deep technical execution with cross‑functional delivery to embed identity and trust as foundational enterprise capabilities.

At Brunswick, we have passion for our work and a distinct ability to deliver.

Essential Functions:

PKI Architecture & Platform Ownership

• Design, implement, and operate enterprise PKI (ADCS and hybrid/cloud models).

• Define CA hierarchy (offline root, issuing CAs), trust models, templates, and issuance policies.

• Establish key protection strategies including HSM integration and secure key lifecycle.

• Integrate external certificate providers (e.g., Cloudflare, public CAs) into a unified architecture.

• Define and enforce enterprise PKI standards.

Certificate Lifecycle & Automation

• Implement automated discovery, issuance, renewal, and revocation across infrastructure, endpoints, apps, and web.

• Address certificate sprawl and shadow PKI with scalable discovery.

• Build monitoring and controls to eliminate certificate-related outages.

• Develop API-driven and scripted automation (PowerShell, Python, CI/CD).

Revocation, Resilience & Security

• Design and operate CRL/OCSP with high availability and performance.

• Manage CA lifecycle (rotation, recovery, compromise response).

• Support audit/compliance (NIST, ISO) and cryptographic standards.

• Lead threat modeling for PKI risks (key compromise, mis-issuance).

Device Trust & Access Integration

• Enable certificate-based authentication for VPN, Wi‑Fi (EAP‑TLS), endpoint/device trust, and web/app access.

• Integrate PKI signals into IAM decisioning (Conditional Access, identity policies).

• Drive enterprise-wide adoption of certificate-based controls.

Machine Identity & mTLS

• Design and implement mTLS for services, APIs, and internal platforms.

• Establish identity models for non-human identities (service accounts, APIs, automation).

• Support cloud-native/workload identity patterns (Kubernetes, service mesh).

• Build capabilities for AI-driven and autonomous systems.

Diversity of thought and experiences is fundamental when imagining the unimaginable. Certain skillsets/experiences are necessary; however, others can be developed along the way.

Required Qualifications:

• Bachelor’s degree in Computer Science, Information Systems, or a related field (or equivalent work experience).

• 8+ years in PKI, cybersecurity, or identity engineering.

• Deep hands-on experience with enterprise PKI (ADCS or equivalent).

• Strong understanding of X.509, trust chains, CA hierarchy, and crypto principles.

• Experience with lifecycle automation and discovery at scale.

• Experience with certificate-based authentication (VPN, EAP‑TLS, device certs, web/app).

• Proven cross-functional delivery across IAM, infrastructure, and security.

Preferred Qualifications:

• Secure key management experience.

• PKI lifecycle platforms (Keyfactor, Venafi).

• mTLS, workload identity, or SPIFFE/SPIRE exposure.

• Hybrid environments (on‑prem + cloud).

• Zero Trust, Conditional Access, and device trust familiarity.

• Audit/compliance experience.

The hiring range for this position is $103,200 to $144,000 annually. The actual base pay offered will vary based on multiple factors including job-related knowledge/skills, relevant experience, business needs, and geographic location. Compensation decisions are dependent upon the specifics of the candidate’s qualifications and the business context.

In addition to base pay, this position is eligible for an annual discretionary bonus. This position is eligible to participate in Brunswick's comprehensive and high-quality benefits offerings, including medical, dental, vision, paid vacation, 401k (up to 4% match), Health Savings Account (with company contribution), well-being program, product purchase discounts and much more. Details about our benefits can be found here.

Why Brunswick:

Whatever tomorrow brings, we’ll be at the leading edge. As the clear leader in the marine industry, we’re committed to our values and supporting our exceptional people. We offer and encourage growth opportunities within and across our many brands. In addition, we’re proud of being recognized for making a splash with numerous awards!

About Brunswick:

Brunswick Corporation is a leader in the marine industry, and we’re looking for people just like you to take part in the movement towards better boating for all. We rely on the thoughtful input of people from all backgrounds to create compelling, innovative products for our customers around the globe. As such, diversity, equity, and inclusion are priorities in the enduring culture of our company. As a world leader in emerging recreational products and technologies, when you join our team, you become part of some of the most innovative, forward-looking brands in the marine industry today.

Next is Now!

We value growth and development, recognizing that people come with a wealth of experience and talent beyond just the technical requirements of a job. If your experience is close to what you see listed here, please still consider applying.

Brunswick is an Equal Opportunity Employer and considers all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by federal, state, or local law. Diversity of experience and skills combined with passion is key to innovation and inspiration and we encourage individuals from all backgrounds to apply. If you require accommodation during the application or interview process, please contact [email protected] for support.

For more information about EEO laws, - click here

Brunswick Corporation participates in E-Verify as part of our commitment to a lawful and transparent hiring process. For additional information click here:

Brunswick and Workday Privacy Policies

Brunswick does not accept applications, inquiries or solicitations from unapproved staffing agencies or vendors. For help, please contact our support team at: [email protected] or 866-278-6942.

All job offers will come to you via the candidate portal you create when applying through a posted position through If you are ever unsure about what is being required of you during the application process or its source, please contact HR Shared Services at 866-278-6942 or [email protected].