Staff Engineer - PKI Systems

Overview

Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development.

Fastly’s customers include many of the world’s most prominent companies, including Git Hub, Yelp, Paramount, and Jet Blue.

We're building a more trustworthy Internet. Come join us.

Posting Open Date: Feb. 9, 2026

Anticipated Posting Close Date: March 2, 2026

Note: Job posting may close early due to the volume of applicants.

As a Staff PKI Systems Engineer, you will help build and operate Certainly, Fastly’s publicly‑trusted TLS certification authority. Built on Boulder, the same open‑source software that powers Let’s Encrypt, Certainly delivers widely trusted, short‑validity certificates at scale to help secure the internet. You will own the architecture and operational excellence of complex PKI systems while mentoring a dedicated team of engineers.

Integrating deep security expertise with software development, you will solve ambiguous, internet‑facing engineering challenges to meet strict industry compliance and reliability goals. This is a high‑impact role where your designs will directly protect Fastly customers and the broader web.

• Own the design and implementation of security‑critical PKI infrastructure, including major refactors and new capabilities
• Lead cryptographic operations including key ceremonies, credential management, and multi‑datacenter failover procedures
• Drive technical strategy for system hardening, automation, and resilience across ephemeral, containerized microservices and HSM environments
• Investigate and solve complex, ambiguous engineering problems and production incidents, creating proof‑of‑concepts and performing root cause analysis with a focus on security, automation, observability and stability
• Collaborate with TLS client, SRE, Security, and Product Engineering teams to translate complex business requirements and compliance standards (Web Trust, PCI) and evolve our infrastructure
• Mentor team members and foster a culture of technical excellence, providing guidance on design, performance, and cross‑team collaboration

• Extensive experience designing, implementing, and maintaining distributed systems on Linux with a focus on automation and continuous monitoring. Most Staff Engineers at Fastly have more than 7 years of related experience.
• Strong software development background (Go or similar) with a track record of owning the design phases of broadly scoped work or major refactors
• Deep understanding of applied cryptography, PKI architecture, and standards such as RFC 5280 and RFC 8555 (ACME)
• Proven ability to lead technical decision‑making, write clear design documents, and influence architectural discussions across multiple teams
• Experience building highly secure environments, including vulnerability management, system hardening, and intrusion detection
• Demonstrated ability to mentor engineers and help them understand the impact of their work on customers and stakeholders

• Operating a publicly‑trusted CA or large‑scale PKI, particularly work with ACME
• Hardware Security Module (HSM) configuration and operation
• Go programming with experience debugging production systems
• High‑availability database administration
• Container orchestration in security‑sensitive environments
• Working in highly regulated environments (Web Trust, SOC 2, PCI)

• This position will require you to be available during core business hours in North America and occasional nights and weekends as needed for on‑call support.

This position is open to Hybrid And Remote Work Locations.

The preferred office locations for this position are:

• San Francisco, CA
• New York, NY
• Denver, CO

Fastly currently embraces a…