PKI Compliance and Automation Engineer

Job Description

Who we are

DigiCert is a global leader in intelligent trust, helping organizations protect the digital interactions people rely on every day. From websites and cloud services to connected devices and critical systems, we make sure digital experiences are secure, private, and authentic.

Our AI-powered DigiCert ONE platform brings together certificates, DNS, and lifecycle management to help organizations stay ahead of risk as technology and threats evolve. Trusted by more than 100,000 organizations—including 90% of the Fortune 500—DigiCert helps businesses operate with confidence today while preparing for what’s next, including a quantum-safe future.

Job summary

Join our Certificate Authority Industry Standards team to learn and grow while contributing to compliance automation. You’ll assist in reading code for issuance microservices and certificate lifecycle pipelines. You’ll work closely with Product and Engineering teams to translate CA/Browser Forum requirements, Root Program policies, and CP/CPS controls into policy-as-code guardrails, pre-issuance validators, and automated evidence that make non-compliance impossible to ship. This role offers hands-on experience in PKI compliance engineering.

What you will do

• Code & Config Compliance Reviews (PKI-specific): Validate code against CA/B Forum BRs, EV Guidelines, S/MIME BRs, Root Program policies, RFC 5280, and CP/CPS.
• Support development of policy-as-code rules under guidance from senior engineers.
• Help integrate compliance checks into CI/CD pipelines.
• Participate in building automated evidence collection for audits.
• Implement validators and monitors for certificate lifecycle operations to ensure continuous compliance.
• Collaborate with team to improve developer experience and reduce false positives.

What you will have

• Bachelor’s degree in Computer Science, Software Engineering, Information Security, or equivalent practical experience.
• 2+ years of experience in software development, security, or compliance engineering.
• Ability to read and understand code (Python, Go, Java, or similar languages).
• Familiarity with PKI concepts (certificate lifecycle, Domain Control Verification methods) and eagerness to learn CA/Browser Forum standards.
• Exposure to CI/CD pipelines and willingness to learn compliance automation tools.
• Curiosity and willingness to learn PKI compliance engineering.
• Standards Translation: Turn industry policies into precise policy-as-code.
• Technical Analysis: Parse complex issuance code paths, DCV implementations, and profile renderers.
• Basic understanding of security principles and automation mindset to build reliable shift-left guardrails that block non-compliance pre-merge and pre-issuance.
• Attention to detail when reviewing code and configurations.
• Strong communication skills and ability to work in a team environment.

Nice to have

• Some experience with PKI tools such as zlint/cablint, OpenSSL/CFSSL, ASN.1 tooling, RFC 5280 path validation test suites.
• Hands-on experience is a plus but not required—mentorship will be provided.
• Kubernetes/cloud experience (OPA Gatekeeper/Kyverno, AWS/Azure/GCP).
• HSM operations (PKCS#11), FIPS 140-²⁄₁₄₀-3 familiarity.

Benefits

• Generous time off policies
• Top shelf benefits
• Education, wellness and lifestyle support

#LI-KK1