Sr. Software Engineer, Public Key Infrastructure (PKI)

About The Position

Requirements

• 5+ years of hands-on experience in PKI systems, including EJBCA or similar CA/RA platforms.
• Strong understanding of X.509 certificates, CRLs, OCSP, certificate templates, trust chains and key usage extensions.
• Experience with enrollment protocols such as SCEP, EST, ACME, or CMP.
• Familiarity with certificate lifecycle automation, workflows or CLM platforms and APIs
• Experience with scripting or programming languages (e.g., Python, Golang, Java)
• Familiarity with HSM integration, key escrow, and secure enclaves.
• Understanding of PKI use cases for TLS/mTLS, device identity, Wi-Fi/EAP, VPN, code signing, workload identity, etc.
• Proficiency with Linux environments and version control systems (e.g., Git).
• Familiarity with cloud environments (AWS) and how PKI integrates with cloud services.
• Solid understanding of DevOps practices, CI/CD, monitoring, and ownership of production systems.

Nice To Haves

• Experience with hardware-backed security mechanisms such as TPM, HSM, or secure enclaves.
• Experience with PKI in Kubernetes or service mesh environments (e.g., Istio, SPIRE, cert-manager).
• Exposure to device attestation, platform security, or Secure Boot concepts.
• Familiarity with relevant security frameworks or compliance standards (e.g., NIST, ISO, SOC 2).
• Awareness of common security weaknesses (OWASP Top 10, CWE Top 25).
• General understanding of core security concepts such as MFA, Zero Trust, and secrets management.

Responsibilities

• Contribute to the implementation, development, deployment, configuration, and enhancement of EJBCA-based PKI infrastructure, including CA hierarchies, RA functions, OCSP responders, and CRL distribution.
• Develop and maintain certificate lifecycle automation, including provisioning, renewal, revocation, monitoring, and audit logging.
• Support internal stakeholders with certificate enrollment workflows (SCEP, EST, ACME, CMP) and usage patterns.
• Help integrate certificate-based authentication into enterprise platforms, services, and workloads.
• Support certificate lifecycle management processes for internal clients, applications, and devices.
• Collaborate with security architects, infrastructure, and application teams to align PKI solutions with organizational policies and compliance requirements.
• Participate in incident response and troubleshooting for PKI-related issues such as certificate validation failures or service outages.
• Contribute to documentation, operational runbooks, and standards for PKI operations.

Benefits

• time off programs
• medical, dental, vision, mental health support
• paid parental leave
• life and disability insurance
• 401(k)
• employee stock purchasing program