Sr. Software Engineer, Public Key Infrastructure; PKI

Sr. Software Engineer, Public Key Infrastructure (PKI)

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

* IN SCHOOL OR GRADUATED WITHIN THE LAST 12 MONTHS? PLEASE VISIT FUTURE FORCE FOR OPPORTUNITIES*

The Enterprise Security Technology team builds and operates highly scalable, fault-tolerant, distributed systems to deliver cloud-scale security software across multiple public cloud platforms and Salesforce’s internal infrastructure.

Our key investments are in the area of Identity & Access and Public Key Infrastructure where we design and implement consistent and scalable services for Salesforce Enterprise, integrating our IT network, public cloud infrastructure and our own data centers, and empowering all our engineers to operate these environments in a secure manner.

We are seeking a Senior Software Engineer with hands‑on experience in Enterprise grade Public Key Infrastructure (PKI) technologies. In this role, you will contribute to the development, automation, and support of PKI and certificate lifecycle management capabilities across the enterprise environment. The role involves strong collaboration with security, infrastructure, and application teams to ensure secure authentication, encryption, and digital trust within our systems.

• Contribute to the implementation, development, deployment, configuration, and enhancement of EJBCA-based PKI infrastructure, including CA hierarchies, RA functions, OCSP responders, and CRL distribution.
• Develop and maintain certificate lifecycle automation, including provisioning, renewal, revocation, monitoring, and audit logging.
• Support internal stakeholders with certificate enrollment workflows (SCEP, EST, ACME, CMP) and usage patterns.
• Help integrate certificate‑based authentication into enterprise platforms, services, and workloads.
• Support certificate lifecycle management processes for internal clients, applications, and devices.
• Collaborate with security architects, infrastructure, and application teams to align PKI solutions with organizational policies and compliance requirements.
• Participate in incident response and troubleshooting for PKI‑related issues such as certificate validation failures or service outages.
• Contribute to documentation, operational runbooks, and standards for PKI operations.

• 5+ years of hands‑on experience in PKI systems, including EJBCA or similar CA/RA platforms.
• Strong understanding of X.509 certificates, CRLs, OCSP, certificate templates, trust chains and key usage extensions.
• Experience with enrollment protocols such as SCEP, EST, ACME, or CMP.
• Familiarity with certificate lifecycle automation, workflows or CLM platforms and APIs.

Familiarity with HSM integration, key escrow, and secure enclaves.

Understanding of PKI use cases for TLS/mTLS, device identity, Wi‑Fi/EAP, VPN, code signing, workload identity, etc.

Proficiency with Linux environments and version control systems (e.g., Git).

Familiarity with cloud environments (AWS) and how PKI integrates with cloud services.

Solid understanding of Dev Ops practices, CI/CD, monitoring, and ownership of production systems.

• Experience with hardware‑backed security mechanisms such as TPM, HSM, or secure enclaves.
• Experience with PKI in Kubernetes or service mesh environments (e.g., Istio,…