Lead Software Engineer, Enterprise PKI
San Francisco, New York, United States of America
Full Time
6 days ago
$148,500 - $260,100 USD
Visa Sponsor
Key skills
AWSCloudCyber SecurityJavaLinuxPythonGoGolangGitVersion ControlCI/CD
About this role
Role Overview
- Contribute to the Design, implementation, development, deployment, configuration, and enhancement of EJBCA-based PKI infrastructure, including CA hierarchies, RA functions, OCSP responders, and CRL distribution.
- Define the technical roadmap for certificate lifecycle automation, secure key management, and high-assurance identity use cases.
- Develop and maintain certificate lifecycle automation, including provisioning, renewal, revocation, monitoring, and audit logging.
- Support internal stakeholders with certificate enrollment workflows (SCEP, EST, ACME, CMP) and usage patterns.
- Help integrate certificate-based authentication into enterprise platforms, services, and workloads.
- Support certificate lifecycle management processes for internal clients, applications, and devices.
- Collaborate with security architects, infrastructure, and application teams to align PKI solutions with organizational policies and compliance requirements.
- Participate in incident response and troubleshooting for PKI-related issues such as certificate validation failures or service outages.
- Develop & contribute to documentation, operational runbooks, and standards for PKI operations.
Requirements
- 5+ years of hands-on experience in PKI systems, including EJBCA or similar CA/RA platforms.
- 8+ years of experience with scripting or programming languages (e.g., Python, Golang, Java)
- Strong understanding of X.509 certificates, CRLs, OCSP, certificate templates, trust chains and key usage extensions.
- Experience with enrollment protocols such as SCEP, EST, ACME, or CMP.
- Familiarity with certificate lifecycle automation, workflows or CLM platforms and APIs.
- Familiarity with HSM integration, key escrow, and secure enclaves.
- Understanding of PKI use cases for TLS/mTLS, device identity, Wi-Fi/EAP, VPN, code signing, workload identity, etc.
- Proficiency with Linux environments and version control systems (e.g., Git).
- Familiarity with cloud environments (AWS) and how PKI integrates with cloud services.
- Solid understanding of DevOps practices, CI/CD, monitoring, and ownership of production systems.
- Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or equivalent experience.
Tech Stack
- AWS
- Cloud
- Cyber Security
- Java
- Linux
- Python
- Go
Benefits
- time off programs
- medical, dental, vision
- mental health support
- paid parental leave
- life and disability insurance
- 401(k)
- employee stock purchasing program