Hands-On Lead Product Engineer (Key Management & Confidential Computing)

Important: EU/DE citizenship mandatory**

Why This Role Exists**

Confidential computing and secure AI are moving from research into real-world production — but the industry still lacks trustworthy, developer-friendly infrastructure for managing keys, identities, and secrets in encrypted environments. Today’s security tooling was not designed for confidential workloads running across multi-cloud platforms, trusted execution environments, and autonomous AI systems.

This role exists to change that.

As Lead Engineer for Key Management & Confidential Computing, you help define the security foundation that enables organizations to run their most sensitive applications — healthcare systems, regulated data platforms, sovereign AI, and critical infrastructure — with strong cryptographic guarantees and verifiable trust.

You bridge the gap between cutting-edge research and production-grade engineering, turning advanced cryptography and confidential computing concepts into real systems that developers can build on and enterprises can depend on. Your work lays the technical groundwork for a new generation of secure-by-default cloud infrastructure — where privacy, integrity, and trust are built into the platform itself, not bolted on later.

By shaping this core technology, you directly influence how secure digital infrastructure evolves in Europe and beyond — enabling innovation without compromising sovereignty, data protection, or user trust.

Role Overview

As Lead Product Engineer for Key Management & Confidential Computing, you are the technical owner and hands-on builder of enclaive’s next-generation vHSM Key and Workload Identity Management Service. You combine deep engineering expertise with pragmatic technical leadership — setting architectural direction, driving engineering quality, and mentoring a small but highly skilled team while actively contributing production code.

You shape how secure infrastructure is designed, implemented, and operated in confidential cloud and AI environments. Acting as both a technical authority and product-minded engineer, you translate complex security requirements into scalable, maintainable systems that meet real-world customer needs.

You will initially spend the majority of your time building core platform capabilities (approx. 80% hands-on engineering / 20% leadership), gradually evolving into a broader technical leadership role as the team grows.

In this role you will:

• Define and drive technical architecture and engineering standards for the vHSM platform
• Lead implementation of critical backend and platform components
• Guide and mentor engineers through design reviews, pair programming, and technical coaching
• Ensure long-term maintainability, security, and operational excellence
• Bridge product vision and engineering execution in close collaboration with founders
  Establish engineering best practices around secure development and distributed systems
• Help scale the engineering team and shape its technical culture

Tasks

Your Responsibilities

• Own the end-to-end product lifecycle — architecture, development, release, maintenance, and evolution
• Design and implement secure key management capabilities for confidential cloud and AI workloads
• Extend and maintain a vHSM–based platform tailored for confidential computing environments
• Collaborate closely with founders, engineers, and product stakeholders to define roadmap and priorities
• Build production-grade features including:
• Secrets and key lifecycle management
• Access control and identity integration
• Hardware-backed security and confidential computing integrations
• Secure APIs and automation interfaces
• Drive secure-by-design development practices, threat modeling, and code reviews
• Improve reliability, scalability, and performance of the service
• Establish CI/CD pipelines, testing strategies, and release processes
• Support customer deployments, troubleshooting, and technical enablement when needed
• Contribute to architectural decisions around confidential cloud infrastructure and AI security

Requirements

Technical Skills

• Strong hands-on backend or platform engineering experience
• Must: 8+ years Golang
• Typescript/Javascript, Rust are valuable
• Experience with KMS, HSMs, PKI, or secrets management systems
• Solid understanding of:
• Cloud-native architectures and Kubernetes environments
• Applied cryptography and key management concepts
• Secure system design and authentication/authorization models
• Experience building production-grade distributed systems
• Experience with infrastructure-as-code, CI/CD, and DevSecOps practices
• Familiarity with confidential computing, trusted execution environments, or hardware security modules is a strong plus, but not a necessity

Mindset & Working Style

• Product ownership mindset — you care about outcomes, not just code
• Comfortable working in a small, fast-moving startup environment
• Pragmatic decision-maker who balances innovation with reliability
• Strong communication skills and ability to work closely with intermediate engineers
• Willingness to take responsibility for long-term maintainability and operational excellence

Benefits

What We Offer

• Ownership of a core security product in a cutting-edge domain
• Lead, train and build a team
• Opportunity to shape confidential cloud and AI security infrastructure
• Small, highly technical team with real impact and autonomy
• Flexible working model and engineering-driven culture
• Direct collaboration with founders and deep technical influence on the roadmap
• Work with cutting-edge technology in confidential computing, secure AI, and multi-cloud security only few “geeks” currently know about