Make Your Resume Now

Senior PKI Engineer

Sectigo
Canada
Posted March 24, 2026
Full-time Mid-Senior Level

Job Overview

We are looking for a talented Senior PKI Engineer to join our growing global team at Sectigo.

The Senior PKI Engineer ensures that Sectigo’s PKI platform is understood, operable, and supportable end‑to‑end across software, infrastructure, and operations. This role exists to bridge gaps between design, implementation, and day‑to‑day operation of PKI systems. While PKI architecture, key generation, and HSM operations are owned by specialized teams, this role ensures that no critical PKI component or workflow is understood by only one person, and that the platform can be safely operated, debugged, and evolved over time. The Senior PKI Engineer develops deep, practical understanding of how PKI components interact in production — from code paths to infrastructure deployment to operational behavior.

Please Note: The Reporting Manager and the Work Arrangement requirements may be modified and redesigned based on business needs to ensure operational flexibility and organizational effectiveness.

This is a full-time position, working in a hybrid model, and reporting to our Ottawa office at least 3-4 days a week.

This is an individual contributor role, reporting to our Senior PKI Engineer.

Here are the core functions, responsibilities, and expectations for this role: 

          Scope & Impact

  • Cross cuts software, infrastructure, security, and operations
  • Covers existing PKI systems, not greenfield architecture
  • Reduces operational and organizational risk through shared understanding
  • Improves resilience, supportability, and maintainability of PKI platforms
  • Acts as a force multiplier for teams that depend on PKI

    End to End System Understanding
     
  • Develops and maintains a working understanding of PKI systems from certificate request to runtime consumption.
  • Understands how applications, services, infrastructure, and PKI components interact in production.
  • Can trace failures or anomalies across code, configuration, infrastructure, and operational processes.
  • This role is measured by depth of understanding and coverage, not by exclusive ownership.

    Software Awareness & Code Literacy
     
  • Reads and understands application and service code that consumes PKI (e.g., TLS, mTLS, signing, validation).
  • Understands how certificate lifecycle events affect runtime behavior (failures, retries, outages).
  • Partners with software teams to diagnose PKI related issues that surface as application problems.
  • Contributes small code changes, tooling, or diagnostics when necessary (not a feature delivery role).

    Infrastructure & Deployment Understanding
     
  • Understands how PKI components are deployed, configured, and operated across environments.
  • Has working knowledge of how PKI infrastructure is provisioned, monitored, and recovered.
  • Can reason about availability, failover, and operational dependencies without being the primary infrastructure owner.
  • Works effectively with infrastructure and platform teams to identify fragility or operational gaps.

    Operational Coverage & Risk Reduction
     
  • Ensures that critical PKI workflows are understood by more than one engineer.
  • Documents system behavior, operational procedures, and failure modes as understanding is gained.
  • Acts as an escalation and diagnostic resource for complex PKI related incidents.
  • Identifies areas where operational knowledge, monitoring, or automation is insufficient and drives improvement.

    Collaboration & Enablement
     
  • Works closely with PKI specialists, infrastructure teams, software engineers, and SRE.
  • Helps non PKI teams understand how to safely interact with PKI systems.
  • Translates between security, infrastructure, and application perspectives.
  • Improves organizational confidence in operating PKI dependent systems.

    What This Role Is Not
     
  • Not responsible for designing PKI architecture from scratch.
  • Not the primary owner of HSMs or key generation.
  • Not a policy only or compliance only PKI role.
  • Not a siloed crypto specialist.

    This role exists to connect the dots and reduce fragility, not to centralize ownership.
     
  • Additional tasks associated with this position may be assigned in response to company initiatives and business needs.

Ready to Apply?

Take the next step in your career journey

Apply Show More Jobs

Stand out with a professional resume tailored for this role

Build Your Resume – It’s Free!