PKI SOFTWARE ENGINEER Ft. Meade, MD - Full Time (Hybrid) Salary: 140-170K
The engineer will work hand-in-hand with commercial product engineering and government teams on the next generation of Public Key Infrastructure capabilities - including post-quantum cryptography (PQC) migration - within Red Hat Enterprise Linux, Red Hat Certificate System, and the upstream Dogtag PKI open-source project.
Individuals in this role must be able to work hybrid and go on site at Fort Meade as requested.
Responsibilities Include:
- Design, develop, test, and maintain high-quality PKI software components across Red Hat Certificate System (RHCS) and Dogtag PKI
- Work software fixes and feature development directly with product engineering teams and the government development lab - owning issues end-to-end from requirements through testing and verification
- Support the program's post-quantum cryptography migration, including PQC algorithm integration (ML-DSA) and legacy version transition planning
- Develop and troubleshoot HSM integrations supporting CA operations and key escrow
- Support certificate lifecycle automation (ACME) as the program transitions to shorter-lived certificates at higher issuance volume
- Practice defensive programming and contribute to testing frameworks, CI/CD pipelines, and release quality
- Communicate clearly across government stakeholders, commercial vendor engineering, and program contractors - translating technical status into program-level clarity
- Proactively identify, document, and escalate risks and blockers before they impact program schedule
Requirements:
- Active Secret clearance minimum (Top Secret preferred and may be required)
- Local to the DMV area with the ability to work on site at Fort Meade as requested
- Five (5)+ years of professional software engineering experience (flexible for candidates with exceptional PKI depth)
- Java and/or Rust programming experience
- Strong knowledge of Linux and its development tools
- Knowledge or experience with Linux containers and container orchestration (Podman / Docker) and VMs (KVM)
- Hands-on experience with PKI, x.509, cryptography, and system/software security technologies
- Direct experience with Red Hat Certificate System or Dogtag PKI (the upstream open-source project of the deployed DoD code base) - comparable enterprise CA platform experience considered (EJBCA, Microsoft AD CS, Entrust Authority, ISC CertAgent, or similar)
- DoD 8570/8140 IAT Level II certification (Security+ or equivalent)
- Strong written and verbal communication skills
Stand out with:
- Post-quantum cryptography familiarity (ML-DSA/Dilithium, Kyber, CNSA 2.0 timelines)
- HSM integration experience (Entrust nShield, Thales Luna)
- ACME protocol and certificate automation at scale
- Prior DISA or DoD PKI program experience (Purebred, derived credentials, RA/CRL/OCSP operations)
- Directory Server / LDAP experience
- Experience using AI agents to accelerate development efforts
- Python, Bash, or similar scripting languages
- Package maintenance on Fedora/RHEL
- Agile development methodologies (Scrum, JIRA)