Lead Software Engineer, Enterprise PKI

🕒 April 16

🏢🏡 San Francisco – Hybrid

💵 $148.5k - $260.1k / year

⏰ Full Time

🟠 Senior

🧑‍💻 Full-stack Engineer

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Salesforce

WebsiteLinkedInAll Job Openings

10,000+ employees

Founded 1999

☁️ SaaS

🤝 B2B

🤖 Artificial Intelligence

SaaS • B2B • Artificial Intelligence

Salesforce is a leading cloud-based software company that provides a comprehensive customer relationship management (CRM) platform. The platform connects all company data and teams on an integrated, AI-driven system to improve sales, customer service, and marketing efforts. Salesforce offers scalable solutions for businesses of all sizes, including small and medium enterprises, and provides industry-specific solutions to modernize operations, save time, and reduce costs. Salesforce also offers educational resources through Trailhead and a wide selection of apps on AppExchange to extend its CRM capabilities.

📋 Description

• Contribute to the Design, implementation, development, deployment, configuration, and enhancement of EJBCA-based PKI infrastructure, including CA hierarchies, RA functions, OCSP responders, and CRL distribution. • Define the technical roadmap for certificate lifecycle automation, secure key management, and high-assurance identity use cases. • Develop and maintain certificate lifecycle automation, including provisioning, renewal, revocation, monitoring, and audit logging. • Support internal stakeholders with certificate enrollment workflows (SCEP, EST, ACME, CMP) and usage patterns. • Help integrate certificate-based authentication into enterprise platforms, services, and workloads. • Support certificate lifecycle management processes for internal clients, applications, and devices. • Collaborate with security architects, infrastructure, and application teams to align PKI solutions with organizational policies and compliance requirements. • Participate in incident response and troubleshooting for PKI-related issues such as certificate validation failures or service outages. • Develop & contribute to documentation, operational runbooks, and standards for PKI operations.

🎯 Requirements

• 5+ years of hands-on experience in PKI systems, including EJBCA or similar CA/RA platforms. • 8+ years of experience with scripting or programming languages (e.g., Python, Golang, Java) • Strong understanding of X.509 certificates, CRLs, OCSP, certificate templates, trust chains and key usage extensions. • Experience with enrollment protocols such as SCEP, EST, ACME, or CMP. • Familiarity with certificate lifecycle automation, workflows or CLM platforms and APIs. • Familiarity with HSM integration, key escrow, and secure enclaves. • Understanding of PKI use cases for TLS/mTLS, device identity, Wi-Fi/EAP, VPN, code signing, workload identity, etc. • Proficiency with Linux environments and version control systems (e.g., Git). • Familiarity with cloud environments (AWS) and how PKI integrates with cloud services. • Solid understanding of DevOps practices, CI/CD, monitoring, and ownership of production systems. • Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or equivalent experience.

🏖️ Benefits

• time off programs • medical, dental, vision • mental health support • paid parental leave • life and disability insurance • 401(k) • employee stock purchasing program