GoDaddy is empowering everyday entrepreneurs around the world by providing the help and tools to succeed online. They are seeking a Principal Compliance Engineer - PKI with deep technical expertise to define requirements and guide the evolution of their Certificate Authority platform, focusing on compliance automation and cryptographic systems.
Responsibilities:
- Lead technical representation in the CA/Browser Forum and other industry standards bodies, contributing to protocol specifications and requirements development
- Translate CAB Forum requirements into detailed technical specifications and engineering requirements for development teams
- Define requirements for automated compliance validation systems and monitoring infrastructure
- Conduct deep-dive technical assessments of CA infrastructure, identifying architectural gaps, security vulnerabilities, and performance bottlenecks
- Define technical requirements for the evolution of certificate issuance pipelines, HSM integrations, and cryptographic key management systems
- Specify requirements for automated testing frameworks for compliance validation, including CT log integration, OCSP responder infrastructure, and revocation mechanisms
- Develop automation scripts for compliance testing and validation processes
- Define SLIs/SLOs focused on certificate issuance latency, system availability, and compliance metrics
- Document requirements for infrastructure-as-code solutions for CA deployment, disaster recovery, and high-availability architectures
- Research and define requirements for post-quantum cryptographic algorithms (e.g., ML-KEM, ML-DSA, SLH-DSA) and hybrid certificate chains
- Develop migration strategies and technical requirements for transitioning legacy cryptographic systems to next-generation algorithms
- Create technical specifications for proof-of-concept implementations for emerging standards (ACME extensions, certificate transparency v2, delegated credentials)
- Collaborate with cryptography researchers to evaluate algorithm performance, key sizes, and implementation trade-offs
- Define the technical requirements roadmap for CA platform capabilities including certificate lifecycle automation, API development, and integration frameworks
- Specify requirements for scalable APIs and automation tools for certificate issuance, renewal, and revocation workflows
- Document specifications for self-service platforms and tools to reduce manual intervention in certificate operations
- Develop automated testing scripts and define requirements for continuous compliance monitoring systems with automated remediation capabilities
- Partner with security engineering teams on threat modeling, secure coding practices, and vulnerability management
- Lead architecture reviews and technical design sessions with cross-functional engineering teams, providing requirements and guidance
- Establish technical documentation standards and compliance engineering requirements for CA-related systems
- Mentor engineers on PKI concepts, cryptographic implementations, and compliance engineering patterns
Requirements:
- 8+ years of hands-on engineering experience in PKI systems, applied cryptography, or security infrastructure, with proven technical leadership and a strong background in languages such as Go, Python, Java, or C++
- Deep expertise in PKI architecture including X.509 certificate structures, ASN.1 encoding, certificate chain validation, HSM operations, and cryptographic primitives
- Proven experience translating CA/Browser Forum Baseline Requirements into technical specifications, including controls for key generation, certificate issuance, and audit logging
- Systems engineering background with experience in distributed systems, API design, database architecture, and cloud infrastructure (AWS/GCP/Azure)
- Strong ability to define requirements for PKI protocols (ACME, Certificate Transparency, OCSP/CRL) and to translate compliance requirements into technical specifications, detailed engineering requirements, and test automation scripts
- Advanced degree in Computer Science, Cryptography, Mathematics, or Electrical Engineering
- Experience researching and evaluating post-quantum cryptographic algorithms (NIST PQC finalists, hybrid modes)
- Security certifications such as CISSP, CEH, or specialized cryptography credentials
- Experience with security audit processes (WebTrust for CAs, ETSI EN 319 411) from a technical implementation perspective
- Contributions to PKI-related projects (Boulder, cert-manager, OpenSSL, BoringSSL, etc.)
- Experience defining requirements for high-availability systems design, hardware security modules (HSMs), and secure key ceremony procedures
- Knowledge of DevSecOps practices, CI/CD pipelines for security-critical systems, and infrastructure automation (Terraform, Kubernetes, Ansible)
- Familiarity with cryptographic libraries (OpenSSL, BoringSSL, PKCS#11) and performance considerations for cryptographic operations
- Experience developing test automation scripts for compliance validation