×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer Cloud Computing

Sr. Software Engineer, Public Key Infrastructure; PKI

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: Salesforce, Inc.
Full Time position
Listed on 2026-02-19
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer, Cloud Computing
Salary/Wage Range or Industry Benchmark: 200000 - 250000 USD Yearly USD 200000.00 250000.00 YEAR
Job Description & How to Apply Below
Position: Sr. Software Engineer, Public Key Infrastructure (PKI)
* To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
* Job Category Software Engineering Job Details
**** About Salesforce
**** Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.
** FOR OPPORTUNITIES *
* ** About the team
** The Enterprise Security Technology team builds and operates highly scalable, fault-tolerant, distributed systems to deliver cloud-scale security software across multiple public cloud platforms and Salesforce’s internal infrastructure.  Our key investments are in the area of Identity & Access and Public Key Infrastructure where we design and implement consistent and scalable services for Salesforce Enterprise, integrating our IT network, public cloud infrastructure and our own data centers, and empowering all our engineers to operate these environments in a secure manner.

** About the position
** We are seeking a Senior Software Engineer with hands-on experience in Enterprise grade Public Key Infrastructure (PKI) technologies. In this role, you will contribute to the development, automation, and support of PKI and certificate lifecycle management capabilities across the enterprise environment. The role involves strong collaboration with security, infrastructure, and application teams to ensure secure authentication, encryption, and digital trust within our systems.

** What you will be doing:
*** Contribute to the implementation, development, deployment, configuration, and enhancement of EJBCA-based PKI infrastructur
** e**, including CA hierarchies, RA functions, OCSP responders, and CRL distribution.
* Develop and maintain certificate lifecycle automation, including provisioning, renewal, revocation, monitoring, and audit logging.
* Support internal stakeholders with certificate enrollment workflows (SCEP, EST, ACME, CMP) and usage patterns.
* Help integrate certificate-based authentication into enterprise platforms, services, and workloads.
* Support certificate lifecycle management processes for internal clients, applications, and devices.
* Collaborate with security architects, infrastructure, and application teams to align PKI solutions with organizational policies and compliance requirements.
* Participate in incident response and troubleshooting for PKI-related issues such as certificate validation failures or service outages.
* Contribute to documentation, operational runbooks, and standards for PKI operations.
** What you should have:
*** 5+ years of hands-on experience in PKI systems, including EJBCA or similar CA/RA platforms.
* Strong understanding of X.509 certificates, CRLs, OCSP, certificate templates, trust chains and key usage extensions.
* Experience with enrollment protocols such as SCEP, EST, ACME, or CMP.
* Familiarity with certificate lifecycle automation, workflows or CLM platforms and APIs
* Experience with scripting or programming languages (e.g.,
** Python, Golang, Java**)
* Familiarity with HSM integration, key escrow, and secure enclaves.
* Understanding of PKI use cases for TLS/mTLS, device identity, Wi-Fi/EAP, VPN, code signing, workload identity, etc.
* Proficiency with Linux environments and version control systems (e.g., Git).
* Familiarity with cloud environments (AWS) and how PKI integrates with cloud services.
* Solid understanding of Dev Ops practices, CI/CD, monitoring, and ownership of production systems.
** Nice to have:
*** Experience with hardware-backed security mechanisms such as TPM, HSM, or secure enclaves.
* Experience with PKI in Kubernetes or service mesh environments (e.g., Istio, SPIRE, cert-manager).
* Exposure to device attestation, platform security, or Secure Boot concepts.
* Familiarity with relevant security frameworks or compliance standards (e.g., NIST, ISO, SOC
2).
* Awareness of common…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search