Cloud Engineer

About the role

This is a senior hands-on engineering role within Chevron's Digital Identity organization responsible for designing, operating, and modernizing enterprise-scale Public Key Infrastructure (PKI) and cryptographic services across cloud and hybrid environments. The role enables secure certificate lifecycle management, key protection, and identity-driven security controls, supporting Zero Trust adoption, phishing-resistant authentication, and protection of critical business workloads. Responsibilities for this position may include but are not limited to: PKI & Certificate Services Design, deploy, and manage enterprise PKI platforms (Microsoft ADCS, DigiCert, NDES, cloud-integrated services) Own certificate lifecycle management (issuance, renewal, revocation, compliance, automation) Implement post-quantum cryptography capabilities aligned to business and regulatory requirements Manage HSM-backed key protection and integration with key management systems Cloud & Hybrid Identity Integration Integrate PKI with Active Directory and Microsoft Entra ID for hybrid identity scenarios Enable certificate-based authentication for workloads, APIs, devices, VPN, and service accounts Align PKI services with Azure and multi-cloud security architectures Security Engineering & Zero Trust Implement phishing-resistant authentication using FIDO2, PIV, and certificate-based methods Support Conditional Access policies leveraging identity, device posture, and risk signals Advance Zero Trust maturity and continuous security posture improvement Privileged Access & Operational Security Integrate PKI with PAM solutions (e.g., Delinea) for secure service account authentication Support privileged access workstations and hardened admin environments Lead break-glass and recovery scenarios using secure access controls Automation, Reliability & Operations Drive automation using scripting, APIs, and orchestration to reduce manual processes Lead disaster recovery exercises, upgrades, and PKI platform modernization Provide advanced engineering support, incident response, and root cause analysis Leadership & Stakeholder Engagement Serve as a PKI subject matter expert within Digital Identity - Protection Collaborate across security, cloud, and operations teams Mentor engineers and contribute to standards and operational excellence Required Qualifications Bachelor's degree in Computer Science, Information Security, Engineering, or related field (or equivalent experience) 12-15 years in Identity & Access Management, PKI, or security infrastructure engineering Proven experience operating large-scale enterprise PKI environments Strong understanding of cryptography, authentication, and trust models Hands-on expertise with PKI platforms, HSM, key management, automation, Active Directory, and Microsoft Entra ID

Requirements

• Industry certifications in security or cloud (e.g., CISSP, Azure Security)
• Experience in regulated industries such as oil & gas or energy
• Knowledge of Zero Trust architecture, Conditional Access, and identity security engineering
• Familiarity with ITIL and operational processes in regulated environments
• Relocation Options
• Relocation will not be considered.
• International Considerations
• Expatriate assignments will not be considered.
• Chevron regrets that it is unable to sponsor employment Visas or consider individuals on time-limited Visa status for this position.
• U.S. Regulatory notice:
• We are committed to providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or an accommodation, please email us at emplymnt@chevron.com .
• Chevron participates in E-Verify in certain locations as required by law.

Benefits

Additional Information

Chevron is accepting online applications for the Lead Cloud Engineer - PKI position through June 23, 2026 at 11:59 p.m. (Central Time).

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Chevron? Share your experience