PKI Principal Engineer

Information Technology Santa Clara, California


Our Mission

At Palo Alto Networks® everything starts and ends with our mission:

Being the cybersecurity partner of choice, protecting our digital way of life.

We have the vision of a world where each day is safer and more secure than the one before. These aren’t easy goals to accomplish – but we’re not here for easy. We’re here for better. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.


Palo Alto Networks is looking for a talented Principal Engineer who will be responsible for overall design, implementation and maintainability of customer facing PKI infrastructure. As a member of a senior technical staff consisting of experts in many adjacent areas (Windows, Linux, VMWare, Storage, IAM etc.), you will own tier 3 engineering for PKI domain and related technologies.

The ideal candidate will be passionate about a role that requires new learnings working in a highly technical team, enjoys a fast-paced environment and has a bias towards automation to operate large-scale systems.

Your Impact 

  • End-2-end ownership for designing, implementing and supporting globally distributed customer-facing PKI infrastructure and API.
  • Ownership of scalability, capacity, redundancy, and resiliency, maintenance and decommissioning planning for global PKI solution.
  • Provision, configure & support resilient hybrid cloud deployment architecture, while maintaining availability and performance SLAs based on business and product requirements.
  • Maintain all documentation related to certificate practice statement, including areas of design, deployment, validation, operational and DR/BCP.
  • Design proactive monitoring, alerting, trend analysis for PKI and underlying infrastructure, and support the operations team in implementation.
  • Increase maturity of PKI product/service by defining Governance and Standards, building Product Roadmaps, and publishing the PKI Engagement model with SLAs
  • Collaborate and partner with other development teams to define technical requirements for implementation and adoption of X.509 certificates usage in Palo Alto Networks products and cloud services and develop automation and integration methods with PKI solution.
  • Subject Matter Expert forall areas of X.509 certificates and implementation & operation of PKI
  • Create presentation layers for Technical, Business and Executive Management showing environment operational health based on Key Performance Indicators

Your Experience 

  • Minimum 5 years PKI infrastructure experience with a strong understanding of PKI.
  • Minimum 5 years of Linux hands-on experience in managing and supporting Linux server infrastructure in CentOS/RHEL/Ubuntu
  • Experience and understanding of installation and management of OCSP and HSM solutions
  • Design and performance tuning for infrastructure and API in-depth knowledge of PKI elements such as X.509 certificates, PKI Elements and Hierarchy, Trust Models, Cross Certification and etc.
  • In-depth knowledge of Certificate Lifecycle Management
  • Must be able to collaborate between product management, engineering and IT teams on roadmap pertaining to PKI.
  • Experience in building a Certificate Practice Statement (CPS)
  • Strong technical writing skills to support required documentation
  • Must be comfortable with Ansible, Chef or similar configuration management tool to manage infrastructure as code and source code control systems such a GIT, SVN etc.
  • Experience with SafeNet HSMs is a plus.
  • Fluent in security & encryption terminology
  • Problem solving and troubleshooting of complex issues
  • Passion, drive, energy, a sense of humor and a great attitude!
  • BA/BS in Computer Science, Information Technology or the equivalent combination of work experience required

The Team

Working at a high-tech cybersecurity company within Information Technology is a once in a lifetime opportunity. You’ll be joined with the brightest minds in technology, creating, building, and supporting tools and that enable our global teams on the front line of defense against cyberattacks. We’re joined by one mission – but driven by the impact of that mission and what it means to protect our way of life in the digital age. Join a dynamic and fast-paced team that feels excitement at the prospect of a challenge and feels a thrill at resolving technical gaps that inhibit productivity.

Our Commitment

We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together. To learn more about our dedication to inclusion and innovation, visit our Life at Palo Alto Networks page and our diversity website.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

Additionally, we are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or an accommodation due to a disability or special need, please contact us at