Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Salesforce

Lead Software Engineer, Enterprise PKI

Salesforce

Senior Software Engineer focusing on Enterprise grade Public Key Infrastructure technologies at Salesforce. Collaborating on design and automation of PKI and certificate lifecycle management capabilities.

Posted 4/16/2026full-timeSan Francisco • California, New York, Washington • 🇺🇸 United StatesSenior💰 $148,500 - $260,100 per yearWebsite

Tech Stack

Tools & technologies
AWSCloudCyber SecurityGoJavaLinuxPython

About the role

Key responsibilities & impact
  • Contribute to the Design, implementation, development, deployment, configuration, and enhancement of EJBCA-based PKI infrastructure, including CA hierarchies, RA functions, OCSP responders, and CRL distribution.
  • Define the technical roadmap for certificate lifecycle automation, secure key management, and high-assurance identity use cases.
  • Develop and maintain certificate lifecycle automation, including provisioning, renewal, revocation, monitoring, and audit logging.
  • Support internal stakeholders with certificate enrollment workflows (SCEP, EST, ACME, CMP) and usage patterns.
  • Help integrate certificate-based authentication into enterprise platforms, services, and workloads.
  • Support certificate lifecycle management processes for internal clients, applications, and devices.
  • Collaborate with security architects, infrastructure, and application teams to align PKI solutions with organizational policies and compliance requirements.
  • Participate in incident response and troubleshooting for PKI-related issues such as certificate validation failures or service outages.
  • Develop & contribute to documentation, operational runbooks, and standards for PKI operations.

Requirements

What you’ll need
  • 5+ years of hands-on experience in PKI systems, including EJBCA or similar CA/RA platforms.
  • 8+ years of experience with scripting or programming languages (e.g., Python, Golang, Java)
  • Strong understanding of X.509 certificates, CRLs, OCSP, certificate templates, trust chains and key usage extensions.
  • Experience with enrollment protocols such as SCEP, EST, ACME, or CMP.
  • Familiarity with certificate lifecycle automation, workflows or CLM platforms and APIs.
  • Familiarity with HSM integration, key escrow, and secure enclaves.
  • Understanding of PKI use cases for TLS/mTLS, device identity, Wi-Fi/EAP, VPN, code signing, workload identity, etc.
  • Proficiency with Linux environments and version control systems (e.g., Git).
  • Familiarity with cloud environments (AWS) and how PKI integrates with cloud services.
  • Solid understanding of DevOps practices, CI/CD, monitoring, and ownership of production systems.
  • Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or equivalent experience.

Benefits

Comp & perks
  • time off programs
  • medical, dental, vision
  • mental health support
  • paid parental leave
  • life and disability insurance
  • 401(k)
  • employee stock purchasing program

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
PKI systemsEJBCAPythonGolangJavaX.509 certificatesSCEPESTACMECMP
Certifications
Bachelor’s degree in Computer ScienceBachelor’s degree in EngineeringBachelor’s degree in Cybersecurity