Senior Infrastructure Engineer — Certification Authority
About The Position
Certainly is Fastly's publicly-trusted TLS certification authority, built on Boulder — the same open-source ACME server that powers Let's Encrypt. Our team owns the entire stack: Go services, bare-metal and cloud infrastructure, monitoring, security tooling, database operations, and the compliance posture that keeps us trusted by every major browser and operating system. We operate under annual third-party audit and public accountability — our work is methodical, change-controlled, and documented. You'll bring engineering depth across infrastructure disciplines and apply it within a structured, compliance-driven environment where correctness is non-negotiable. This is high-impact work: your systems directly protect Fastly's customers and the broader internet.
Requirements
- Strong background operating and automating Linux infrastructure, with experience managing the full lifecycle of production systems.
- Software development capability in Go, Python, or a comparable systems language — you read unfamiliar codebases, debug production issues, and build tools to solve operational problems
- Experience with container orchestration (Docker Compose or Kubernetes) in production, including multi-environment promotion workflows
- Demonstrated ability to work within structured change management: you document changes before executing, test in staging, and follow defined procedures
- Clear technical writing — design documents, runbooks, audit evidence, and incident reports that communicate precisely to both engineering peers and non-technical reviewers
Nice To Haves
- Relational database administration (replication, major version upgrades, failover orchestration)
- Applied cryptography or PKI operations — key ceremonies, HSM configuration, X.509 certificate lifecycle
- Monitoring system design (metrics pipelines, dashboards, alert routing)
- Working within audited or regulated environments where your engineering decisions face external scrutiny (WebTrust, SOC 2, FedRAMP, PCI)
- Multi-datacenter infrastructure with defined failover and disaster recovery procedures
Responsibilities
- Build, upgrade, and maintain production infrastructure across multiple datacenters and cloud — databases, container runtimes, operating systems, and security tooling — following change control procedures from staging through production
- Develop and maintain Go services within our ACME server, contribute patches upstream, and build internal automation tooling in Go, Python and Bash
- Own cryptographic operations including key ceremonies and HSM management — work that demands precision and benefits from systematic execution
- Triage security vulnerabilities against our infrastructure, determine applicability, and drive remediation on defined timelines
- Operate and improve monitoring and alerting systems, participate in on-call rotation, and perform structured root cause analysis for production incidents
- Prepare and present technical evidence for annual WebTrust audits — demonstrate to external auditors how your systems satisfy compliance controls
Benefits
- medical, dental, and vision insurance
- Family planning
- mental health support
- Employee Assistance Program
- Life, Disability, and Accident Insurance
- Flexible Vacation policy
- up to 18 days of accrued paid sick leave
- 401(k) (including company match)
- Employee Stock Purchase Program
- 11 paid local holidays
- 12 paid company wellness days
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
