Target

LeadEngineer–KeyManagement&HSM

$132–238k Brooklyn Park, Minnesota, United States FULL TIME Remote Friendly

Market Sentiment

HIGH DEMAND

Neural analysis suggests this role is
optimal for Lead candidates.

The Brief

“Lead Engineer – Key Management & HSM at Target. Skills: enterprise key management, HSM-backed systems, key lifecycle management, cryptographic services, architecture, reliability, security. Lead the architecture and lifecycle management of enterprise key management platforms, including key generation and import, rotation, rewrap and rekey, escrow and backup, revocation and destruction, and auditability.. Design, integrate, and operate HSM-backed cryptographic services, including tenancy and part”

What You'll Achieve.

make it easy and safe for teams to use encryption and signing at scale; deliver secure, seamless cryptographic capabilities across the enterprise; ensuring our key management and cryptographic services can adapt to evolving algorithms, standards, and enterprise security requirements; reduce secret sprawl; raise the quality and security bar; Drive measurable improvements in reliability, security posture, and developer experience for cryptographic platforms.

Industry & Context.

Eligibility Requirements

Work duties cannot be performed outside of the country of the primary work location, unless otherwise prescribed by Target.

What They're Looking For.

Must Have

5+ years of software development and/or platform engineering experience, including hands-on work with enterprise key management and HSM-backed systems in production., Demonstrated expertise in enterprise key management and key lifecycle practices., Hands-on experience integrating with and operating Hardware Security Modules in production environments., Experience building and operating scalable, distributed systems with reliability practices, including observability, automation, and operational readiness., Proven ability to lead technical strategy, influence architecture, and mentor engineers.

Nice to Have

Experience with the Thales product suite., Experience building or operating encryption-as-a-service capabilities., Experience with PKI platforms such as Keyfactor EJBCA, Windows ADCS, Venafi, Vault PKI, or equivalent solutions., PKI fundamentals and certificate lifecycle automation, including issuance, renewal, revocation, and OCSP/CRL., Proficiency in Go, Java, or Python., Experience with secrets platforms such as HashiCorp Vault or Google Secret Manager and secret rotation patterns., Experience with cloud-native security architecture, including Kubernetes, service identity, mTLS, and workload authentication.

What You'll Do.

Lead the architecture and lifecycle management of enterprise key management platforms

including key generation and import

revocation and destruction

and operate HSM-backed cryptographic services

including tenancy and partitioning

high availability and failover

performance and capacity planning

and secure operational controls.

Define and standardize integration patterns that reduce secret sprawl

including secure injection and rotation workflows

and paved-road adoption patterns in partnership with platform and application teams.

and best practices for cryptographic service consumption across teams

and application teams to enable secure cryptographic capabilities at scale.

Lead complex implementations

and raise the quality and security bar through architecture reviews and technical guidance.

Drive measurable improvements in reliability

and developer experience for cryptographic platforms.

How You'll Work.

Team & Collaboration

partner with platform, cloud, identity, and application teams; Partner across cloud, platform, identity, and application teams to enable secure cryptographic capabilities at scale.; in partnership with platform and application teams

Process & Methodology

Lead complex implementations

Full Job Description

The pay range is $132,000.00 - $238,000.00 Pay is based on several factors which vary based on position. These include labor markets and in some instances may include education, work experience and certifications. In addition to your pay, Target cares about and invests in you as a team member, so that you can take care of yourself and your family. Target offers eligible team members and their dependents comprehensive health benefits and programs, which may include medical, vision, dental, life insurance and more, to help you and your family take care of your whole selves. Other benefits for eligible team members include 401(k), employee discount, short term disability, long term disability, paid sick leave, paid national holidays, and paid vacation. Find competitive benefits from financial and education to well-being and beyond at [https://corporate.target.com/careers/benefits](https://corporate.target.com/careers/benefits). **About us:** Working at Target means helping all families discover the joy of everyday life. We bring that vision to life through our values and culture. Learn more about Target here. **Role summary:** As a Lead Engineer, you are the technical anchor for the engineering team that supports a product. You create, own, and evolve the application architecture that best serves the product’s functional and non-functional needs. You identify and drive architectural changes to accelerate feature development and improve reliability and quality. You have deep and broad engineering skills and can stand up an architecture end to end, while scaling your impact by mentoring engineers and acting as a force multiplier. Job duties may change at any time due to business needs. We are seeking a Lead Engineer to own our enterprise key management platform and make it easy and safe for teams to use encryption and signing at scale. This role is ideal for someone who deeply understands key lifecycle management and HSM-backed systems and enjoys building reliable, scala

Free ATS check

Applying for this Lead Engineer – Key Management & HSM role?

Most applicants get filtered before a human reads their resume. See if yours makes the cut.

Should you apply? AI reads your resume vs this job — match score, gaps to address, ATS keywords.

SKILL SIGNAL 76 detected · ranked by frequency

mTLS ×4

workload authentication ×4

enterprise key management ×3

HSM-backed systems ×3

key lifecycle management ×3

cryptographic services ×3

reliability ×3

key generation ×3

key import ×3

key rotation ×3

key rewrap ×3

key rekey ×3

key escrow ×3

key backup ×3

key revocation ×3

key destruction ×3

auditability ×3

HSM-backed cryptographic services ×3

tenancy ×3

partitioning ×3

high availability ×3

failover ×3

performance planning ×3

capacity planning ×3

secure operational controls ×3

integration patterns ×3

secret sprawl ×3

secure injection ×3

rotation workflows ×3

APIs ×3

SDKs ×3

certificate issuance ×3

BEHAVIOURAL

mentoring engineersacting as a force multiplierpartnering with teamsinfluence architecturementor engineers

Role Details

Seniority mid

Experience 5–15 yrs

Level Lead

Work Mode Hybrid/Flex for Your Day

Type FULL TIME

Salary Band 100k-150k

AI-Extracted Insights

Domain Areas

enterprise-key-managementhsm-backed-systemskey-lifecycle-managementcryptographic-servicespki-fundamentalscertificate-lifecycle-automation

How to Apply on Workday

Workday has a multi-step form — save your progress after every section.
"Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
Job requisition numbers are useful when following up with HR by email.

ANONYMOUS · UNFILTERED

What do employees actually say about Target?

Real rants from real employees. Read before you apply.

Read Company Rants →