Principal Engineer – PKI/PQC Expert

F5 BIG-IP Platform Security Team

Role Overview

The PKI and Digital Security Engineer leads the design, development, and deployment of Public Key Infrastructure (PKI), Post-Quantum Cryptography (PQC), and digital security solutions for F5 enterprise-scale environments. This role ensures seamless integration of certificate management processes while maintaining security and integrity standards across products, applications and cloud environments. As a technical leader, this position plays a key role in enabling secure digital ecosystems while staying ahead of emerging technologies in cryptography and digital security.

Key Responsibilities

• Design, develop, and implement PKI, PQC, and digital security solutions to support business needs.

• Collaborate with cross-functional teams to integrate PKI services into F5 products and applications, focusing on TLS and certificate management.

• Automate PKI processes, including certificate issuance, renewal, and revocation, to optimize efficiency.

• Ensure the secure management of TLS certificates and cryptographic operations to maintain the integrity and reliability of systems.

• Deliver PKI services within cloud environments (AWS, Azure, Kubernetes) and oversee their scalability and performance.

• Provide expert technical guidance in designing PKI architectures with considerations for post-quantum cryptography (PQC) concerns.

• Act as a trusted advisor for PKI-related aspects in negotiations and interactions with internal and external stakeholders.

• Continuously monitor the performance of PKI systems to ensure availability, fault tolerance, and resilience.

• Stay updated on advancements in PKI, PQC, and digital security technologies, incorporating emerging trends into solutions.

Required Qualifications

Experience

• PKI Implementation: 8+ years of experience designing, deploying, and securing PKI systems, including certificate lifecycle management (issuance, renewal, revocation), TLS integrations, and cryptographic operations.

• Cloud Security Expertise: Hands-on expertise delivering PKI solutions in cloud-native environments (AWS, Azure, Kubernetes) and maintaining security within hybrid architectures.

• Post-Quantum Cryptography (PQC): Proven track record of transitioning systems to post-quantum cryptography standards and implementing advanced cryptographic algorithms (RSA, ECC, lattice-based cryptography).

• Automation & DevSecOps: Proficiency in streamlining PKI processes using automation tools (Terraform, Ansible) and scripting languages (Python, PowerShell) within DevSecOps frameworks.

Technical Skills

• Advanced knowledge of PKI concepts, including certificate management (issuance, renewal, revocation) and cryptographic operations.

• Expertise in TLS protocols and secure certificate handling.

• Proficiency in cloud-native environments such as AWS, Azure, and Kubernetes for deploying and managing PKI services.

• Familiarity with post-quantum cryptography (PQC) and transitioning digital security systems to accommodate emerging PQC standards.

• Hands-on experience with automating PKI processes using scripting languages (e.g., Python, PowerShell).

• Deep understanding of security protocols, cryptographic algorithms, and key management practices.

• Knowledge of modern DevSecOps practices and automation tools (e.g., Terraform, Ansible).

• Experience in performance tuning, scaling, and troubleshooting PKI systems.

Core Competencies

• Technical Leadership: Ability to guide teams in designing and implementing innovative PKI and PQC architectures.

• Problem-Solving: Aptitude for diagnosing and rectifying complex security and cryptographic challenges.

• Collaborative Communication: Strong interpersonal skills to work effectively across multidisciplinary teams and stakeholders.

• Strategic Thinking: Capability to align PKI solutions with long-term organizational goals while adapting to emerging trends.

• Adaptability: Skills to incorporate new advancements in cryptography and security into existing systems.

• Attention to Detail: Precision in configuring and managing cryptographic frameworks to eliminate vulnerabilities.

• Innovation: Drive to explore cutting-edge solutions in digital security and cryptography.

Preferred Qualifications

• 12+ years of hands-on experience in designing, implementing, and managing PKI infrastructure and certificate lifecycle management.

• Proven experience in cryptography, including TLS protocols, digital certificate operations, and key management.

• Strong background in cloud-native environments (AWS, Azure, Google Cloud, Kubernetes) for deploying secure PKI systems.

• Experience working with emerging standards around Post-Quantum Cryptography (PQC).

• Demonstrated experience with automation tools (e.g., Ansible, Terraform) and scripting languages (e.g., Python, PowerShell).

• Familiarity with security frameworks such as NIST, FIPS, or ISO 27001 related to cryptographic operations.

• Comprehensive understanding of protocols like X.509, OCSP, S/MIME, and LDAP in PKI implementations.

• Knowledge of cryptographic algorithms (RSA, ECC, AES, SHA) and PQC methods like lattice-based cryptography.

• Proficiency in implementing PKI solutions across hybrid environments (on-premise and cloud).

• Experience in mentoring teams and providing technical leadership.

Research & Intellectual Contributions:

Technical White Papers: Publication of research in cryptography, PKI, or PQC in renowned journals, conferences (e.g., IEEE, ACM, BlackHat, RSAC).

Patents: Authored patents in cryptography, innovative PKI solutions, or other digital security technologies demonstrating original contributions to the field.

Certifications Preferred

• Certified Cryptography Engineer (CCE)/ Certified Cybersecurity Technician (CCT)

• Certified Information Systems Security Professional (CISSP)

• Certified Kubernetes Administrator (CKA)

Education

• Bachelor's degree in Computer Science, Cybersecurity, Electrical/Computer Engineering, or a related field.

• Master’s degree in Cybersecurity, Cryptography, or a related field is highly desirable.

#LI-ZB1