PKI Developer
Full Time • Fully Remote - US
Benefits:
- Competitive salary
Location
Remote
Remote
Experience Level
Senior Level (8 or more years of relevant engineering experience)
Senior Level (8 or more years of relevant engineering experience)
Role Overview
The Lead or Senior Software Engineer – Public Key Infrastructure is responsible for designing, developing, automating, and supporting enterprise-grade PKI and certificate lifecycle management services. This role emphasizes deep understanding of PKI internals rather than tool administration and requires strong software engineering capability. The position works closely with security, infrastructure, and application teams and interacts directly with enterprise clients, requiring clear communication, technical depth, and a strong professional presence.
The Lead or Senior Software Engineer – Public Key Infrastructure is responsible for designing, developing, automating, and supporting enterprise-grade PKI and certificate lifecycle management services. This role emphasizes deep understanding of PKI internals rather than tool administration and requires strong software engineering capability. The position works closely with security, infrastructure, and application teams and interacts directly with enterprise clients, requiring clear communication, technical depth, and a strong professional presence.
Key Responsibilities
PKI Architecture & Engineering
- Design, implement, and enhance enterprise PKI infrastructure including certificate authorities, registration authorities, OCSP responders, and CRL distribution
- Contribute to PKI architecture decisions supporting scalable, highly available identity and trust services
- Define technical roadmaps for certificate lifecycle automation, key management, and high-assurance identity use cases
Certificate Lifecycle Automation
- Develop and maintain automated certificate provisioning, renewal, revocation, monitoring, and audit logging
- Support certificate enrollment protocols including SCEP, EST, ACME, and CMP
- Enable certificate-based authentication for enterprise platforms, services, workloads, and devices
Software Development & Automation
- Build and maintain software services and automation supporting PKI operations
- Develop APIs, workflows, and tooling to integrate PKI services into enterprise systems
- Apply DevOps practices including CI/CD, monitoring, and operational ownership of production systems
Security Integration & Incident Support
- Collaborate with security architects and infrastructure teams to align PKI solutions with policy and compliance requirements
- Participate in incident response and troubleshooting related to certificate validation, trust failures, and service outages
- Support secure key management practices including HSM integration and secure enclaves
Documentation, Leadership & Collaboration
- Develop and maintain technical documentation, operational runbooks, and PKI standards
- Provide technical leadership, code reviews, and mentorship to engineering peers
- Communicate complex PKI concepts clearly to technical and non-technical stakeholders, including enterprise clients
Required Qualifications
- Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or equivalent professional experience
- 5 or more years of hands-on experience designing and operating PKI systems using EJBCA or comparable CA and RA platforms
- 8 or more years of experience with programming or scripting languages such as Python, Go, or Java
- Deep understanding of PKI internals including X.509 certificates, trust chains, CRLs, OCSP, certificate templates, and key usage extensions
- Experience with certificate enrollment protocols such as SCEP, EST, ACME, or CMP
- Experience designing or implementing certificate lifecycle automation and CLM workflows
- Familiarity with HSM integration, key escrow, and secure key storage practices
- Strong Linux experience and proficiency with version control systems such as Git
- Experience integrating PKI services within cloud environments such as AWS
- Solid understanding of DevOps practices, CI/CD pipelines, monitoring, and production system ownership
- Strong communication skills and ability to work directly with enterprise clients
Preferred Qualifications
- Experience with hardware-backed security mechanisms including TPMs, HSMs, or secure enclaves
- Experience implementing PKI in Kubernetes, service mesh, or workload identity environments
- Exposure to device attestation, platform security, or secure boot technologies
- Familiarity with security and compliance frameworks such as NIST, ISO, or SOC 2
- Awareness of common security vulnerabilities and secure design principles
- General understanding of identity, Zero Trust, multi-factor authentication, and secrets management
Core Skills & Attributes
- Deep technical understanding of PKI internals beyond tool administration
- Strong software engineering mindset with an automation-first approach
- Ability to design scalable, fault-tolerant security services
- Clear, confident communicator with strong client-facing presence
- Collaborative approach across security, infrastructure, and application teams
- Ownership mentality for production systems and long-term maintainability
This is a remote position.
Established in 2004, Smart Tech Skills is a top technology and professional services firm specializing in innovative technologies.
Headquartered in Marlborough, MA, the company effectively addresses clients’ technology needs nationwide, making advanced technology management easier.
Headquartered in Marlborough, MA, the company effectively addresses clients’ technology needs nationwide, making advanced technology management easier.
(if you already have a resume on Indeed)