PKI Compliance and Automation Engineer

Job summary

Join our Certificate Authority Industry Standards team to learn and grow while contributing to compliance automation. You’ll assist in reading code for issuance microservices and certificate lifecycle pipelines. You’ll work closely with Product and Engineering teams to translate CA/Browser Forum requirements, Root Program policies, and CP/CPS controls into policy-as-code guardrails, pre-issuance validators, and automated evidence that make non-compliance impossible to ship. This role offers hands-on experience in PKI compliance engineering.

What you will do

• Code & Config Compliance Reviews (PKI-specific): Validate code against CA/B Forum BRs, EV Guidelines, S/MIME BRs, Root Program policies, RFC 5280, and CP/CPS.
• Support development of policy-as-code rules under guidance from senior engineers.
• Help integrate compliance checks into CI/CD pipelines.
• Participate in building automated evidence collection for audits.
• Implement validators and monitors for certificate lifecycle operations to ensure continuous compliance.
• Collaborate with team to improve developer experience and reduce false positives.

What you will have

• Bachelor’s degree in Computer Science, Software Engineering, Information Security, or equivalent practical experience.
• 2+ years of experience in software development, security, or compliance engineering.
• Ability to read and understand code (Python, Go, Java, or similar languages).
• Familiarity with PKI concepts (certificate lifecycle, Domain Control Verification methods) and eagerness to learn CA/Browser Forum standards.
• Exposure to CI/CD pipelines and willingness to learn compliance automation tools.
• Curiosity and willingness to learn PKI compliance engineering.
• Standards Translation: Turn industry policies into precise policy-as-code.
• Technical Analysis: Parse complex issuance code paths, DCV implementations, and profile renderers.
• Basic understanding of security principles and automation mindset to build reliable shift-left guardrails that block non-compliance pre-merge and pre-issuance.
• Attention to detail when reviewing code and configurations.
• Strong communication skills and ability to work in a team environment.

Nice to have

• Some experience with PKI tools such as zlint/cablint, OpenSSL/CFSSL, ASN.1 tooling, RFC 5280 path validation test suites.
• Hands-on experience is a plus but not required—mentorship will be provided.
• Kubernetes/cloud experience (OPA Gatekeeper/Kyverno, AWS/Azure/GCP).
• HSM operations (PKCS#11), FIPS 140-2/140-3 familiarity.

Benefits

• Generous time off policies
• Top shelf benefits
• Education, wellness and lifestyle support

#LI-KK1