PKI Software Engineer
August Schell · Fort Meade, MD · 3 days ago
On-siteEngineeringFull-time
Responsibilities
- Design, develop, test, and maintain high-quality PKI software components across Red Hat Certificate System (RHCS) and Dogtag PKI.
- Work with product engineering teams and the government development lab to own issues end-to-end from requirements through testing and verification.
- Support the program’s post-quantum cryptography migration, including PQC algorithm integration (ML-DSA) and legacy version transition planning.
- Develop and troubleshoot HSM integrations supporting CA operations and key escrow.
- Develop certificate lifecycle automation (ACME) as the program transitions to shorter-lived certificates at higher issuance volume.
- Practice defensive programming and contribute to testing frameworks, CI/CD pipelines, and release quality.
- Communicate clearly across government stakeholders, commercial vendor engineering, and program contractors, translating technical status into program-level clarity.
- Proactively identify, document, and escalate risks and blockers before they impact program schedule.
Requirements
- Active Secret clearance minimum (Top Secret preferred and may be required).
- Local to the DMV area with the ability to work on site at Fort Meade as requested.
- Five (5)+ years of professional software engineering experience (flexible for candidates with exceptional PKI depth).
- Java and/or Rust programming experience.
- Strong knowledge of Linux and its development tools.
- Hands-on experience with PKI, x.509, cryptography, and system/software security technologies.
- Direct experience with Red Hat Certificate System or Dogtag PKI (the upstream open-source project of the deployed DoD code base) — comparable enterprise CA platform experience considered (EJBCA, Microsoft AD CS, Entrust Authority, ISC CertAgent, or similar).
- DoD 8570/8140 IAT Level II certification (Security+ or equivalent).
- Strong written and verbal communication skills.
Stand Out With
- Post-quantum cryptography familiarity (ML-DSA/Dilithium, Kyber, CNSA 2.0 timelines).
- HSM integration experience (Entrust nShield, Thales Luna).
- ACME protocol and certificate automation at scale.
- Prior DISA or DoD PKI program experience (Purebred, derived credentials, RA/CRL/OCSP operations).
- Directory Server / LDAP experience.
- Experience using AI agents to accelerate development efforts.
- Python, Bash, or similar scripting languages.
- Package maintenance on Fedora/RHEL.
- Agile development methodologies (Scrum, JIRA).