At Sectigo, we align around our mission and pride ourselves in helping thousands of customers sleep better at night.

Sectigo is the most innovative provider of certificate lifecycle management (CLM), delivering comprehensive solutions that secure human and machine identities for the world’s largest brands. Sectigo’s automated, cloud-native CLM platform issues and manages digital certificates across all certificate authorities (CAs) to simplify and improve security protocols within the enterprise. Sectigo is one of the largest, longest-standing, and most reputable CAs with more than 700,000 customers and two decades of delivering unparalleled digital trust.

“When people think Online trust management, they think Sectigo because we offer our customers unparalleled peace of mind.”

How we show up with each other and our customers every day is just as important, and we win as #OneSectigo by living out our core values - Support, Excellence, Communication, Teamwork, Integrity, Growth and Openness. We are committed to investing in our diverse teams where everyone understands their role and how they support our strategic goals, we drive operational excellence through scale and efficiency, and we strive to delight our customers and become the market leader in our industry. If you aspire to join a driven team that holds each other accountable to meeting our lofty goals and you’d like to be part of our growth story in delivering a market leading user experience, we’d like to talk to you.

We are looking for a talented Senior PKI Engineer to join our growing global team at Sectigo.

The Senior PKI Engineer ensures that Sectigo’s PKI platform is understood, operable, and supportable end‑to‑end across software, infrastructure, and operations. This role exists to bridge gaps between design, implementation, and day‑to‑day operation of PKI systems. While PKI architecture, key generation, and HSM operations are owned by specialized teams, this role ensures that no critical PKI component or workflow is understood by only one person, and that the platform can be safely operated, debugged, and evolved over time. The Senior PKI Engineer develops deep, practical understanding of how PKI components interact in production — from code paths to infrastructure deployment to operational behavior.

Please Note: The Reporting Manager and the Work Arrangement requirements may be modified and redesigned based on business needs to ensure operational flexibility and organizational effectiveness.

This is a full-time position, working in a hybrid model, and reporting to our Ottawa office at least 3-4 days a week.

This is an individual contributor role, reporting to our Senior PKI Engineer.

Here are the core functions, responsibilities, and expectations for this role: 

          Scope & Impact

• Cross cuts software, infrastructure, security, and operations
• Covers existing PKI systems, not greenfield architecture
• Reduces operational and organizational risk through shared understanding
• Improves resilience, supportability, and maintainability of PKI platforms
• Acts as a force multiplier for teams that depend on PKI
  
  End to End System Understanding
   
• Develops and maintains a working understanding of PKI systems from certificate request to runtime consumption.
• Understands how applications, services, infrastructure, and PKI components interact in production.
• Can trace failures or anomalies across code, configuration, infrastructure, and operational processes.
• This role is measured by depth of understanding and coverage, not by exclusive ownership.
  
  Software Awareness & Code Literacy
   
• Reads and understands application and service code that consumes PKI (e.g., TLS, mTLS, signing, validation).
• Understands how certificate lifecycle events affect runtime behavior (failures, retries, outages).
• Partners with software teams to diagnose PKI related issues that surface as application problems.
• Contributes small code changes, tooling, or diagnostics when necessary (not a feature delivery role).
  
  Infrastructure & Deployment Understanding
   
• Understands how PKI components are deployed, configured, and operated across environments.
• Has working knowledge of how PKI infrastructure is provisioned, monitored, and recovered.
• Can reason about availability, failover, and operational dependencies without being the primary infrastructure owner.
• Works effectively with infrastructure and platform teams to identify fragility or operational gaps.
  
  Operational Coverage & Risk Reduction
   
• Ensures that critical PKI workflows are understood by more than one engineer.
• Documents system behavior, operational procedures, and failure modes as understanding is gained.
• Acts as an escalation and diagnostic resource for complex PKI related incidents.
• Identifies areas where operational knowledge, monitoring, or automation is insufficient and drives improvement.
  
  Collaboration & Enablement
   
• Works closely with PKI specialists, infrastructure teams, software engineers, and SRE.
• Helps non PKI teams understand how to safely interact with PKI systems.
• Translates between security, infrastructure, and application perspectives.
• Improves organizational confidence in operating PKI dependent systems.
  
  What This Role Is Not
   
• Not responsible for designing PKI architecture from scratch.
• Not the primary owner of HSMs or key generation.
• Not a policy only or compliance only PKI role.
• Not a siloed crypto specialist.
  
  This role exists to connect the dots and reduce fragility, not to centralize ownership.
   
• Additional tasks associated with this position may be assigned in response to company initiatives and business needs.

Education:

• Bachelor’s degree in related fields is strongly recommended.

Experience:

• Minimum of 8+ years of experience working with PKI‑based systems in production.
• Proven experience with diagnosing and resolving PKI‑related incidents.
• Ability to read and reason about software systems, even outside one’s primary stack.
• Experience operating or supporting complex infrastructure‑backed platforms.
• Strong debugging skills across application, infrastructure, and security layers.
• Comfortable taking ownership of “hard to understand” systems.

Ideal Candidate Profiles, Talents, and Desired Qualifications:

• Knowledge about PKI systems is shared, documented, and accessible
• Application teams understand how PKI impacts their systems
• Operational risks are identified before becoming outages
• The organization is less dependent on any single individual for PKI continuity

All your information will be kept confidential according to EEO guidelines.

Global team. Global reach. Global impact.

At Sectigo, we believe doing good is good business. Our strength and our success come from our team of passionate, engaged individuals who make a difference, both locally and globally. Our commitment to engagement is rooted in an unconditionally inclusive workforce, embodying our unique perspectives, heritages, and backgrounds, all as diverse as the experiences of each Sectigo employee. Importantly, we strive to be recognized not only as the CLM leader but also for our intentional efforts to promote employees into the roles that most challenge and excite them, into experiences that allow them to grow their interests as we grow the business. We are committed to bringing a little bit of fun and a whole lot of happiness into everything we do so that our work – and our team members – reflect the positive outcomes we deliver to our customers every day.