​​​​​​​PKI Developer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or equivalent professional experience
• 5 or more years of hands-on experience designing and operating PKI systems using EJBCA or comparable CA and RA platforms
• 8 or more years of experience with programming or scripting languages such as Python, Go, or Java
• Deep understanding of PKI internals including X.509 certificates, trust chains, CRLs, OCSP, certificate templates, and key usage extensions
• Experience with certificate enrollment protocols such as SCEP, EST, ACME, or CMP
• Experience designing or implementing certificate lifecycle automation and CLM workflows
• Familiarity with HSM integration, key escrow, and secure key storage practices
• Strong Linux experience and proficiency with version control systems such as Git
• Experience integrating PKI services within cloud environments such as AWS
• Solid understanding of DevOps practices, CI/CD pipelines, monitoring, and production system ownership
• Strong communication skills and ability to work directly with enterprise clients

Nice To Haves

• Experience with hardware-backed security mechanisms including TPMs, HSMs, or secure enclaves
• Experience implementing PKI in Kubernetes, service mesh, or workload identity environments
• Exposure to device attestation, platform security, or secure boot technologies
• Familiarity with security and compliance frameworks such as NIST, ISO, or SOC 2
• Awareness of common security vulnerabilities and secure design principles
• General understanding of identity, Zero Trust, multi-factor authentication, and secrets management

Responsibilities

• Design, implement, and enhance enterprise PKI infrastructure including certificate authorities, registration authorities, OCSP responders, and CRL distribution
• Contribute to PKI architecture decisions supporting scalable, highly available identity and trust services
• Define technical roadmaps for certificate lifecycle automation, key management, and high-assurance identity use cases
• Develop and maintain automated certificate provisioning, renewal, revocation, monitoring, and audit logging
• Support certificate enrollment protocols including SCEP, EST, ACME, and CMP
• Enable certificate-based authentication for enterprise platforms, services, workloads, and devices
• Build and maintain software services and automation supporting PKI operations
• Develop APIs, workflows, and tooling to integrate PKI services into enterprise systems
• Apply DevOps practices including CI/CD, monitoring, and operational ownership of production systems
• Collaborate with security architects and infrastructure teams to align PKI solutions with policy and compliance requirements
• Participate in incident response and troubleshooting related to certificate validation, trust failures, and service outages
• Support secure key management practices including HSM integration and secure enclaves
• Develop and maintain technical documentation, operational runbooks, and PKI standards
• Provide technical leadership, code reviews, and mentorship to engineering peers
• Communicate complex PKI concepts clearly to technical and non-technical stakeholders, including enterprise clients

Benefits

• Competitive salary