PKI Engineer - Crypto Services, Enterprise Technology Services

Apple is where individual imaginations gather together, contributing to the values that lead to phenomenal work. Every new product we build, services we create, or Apple Store experience we deliver, is the result of us making each other's ideas stronger. That happens because every one of us shares a belief that we can make something wonderful and share it with the world, changing lives for the better. It's the diversity of our people and their thinking that encourages the innovation that runs through everything we do. When we bring everybody in, we can do the best work of our lives. Here, you'll do more than join something - you'll add something. The Crypto Services team powers Apple's promise of privacy and security by protecting some of the most sensitive data at Apple - cryptographic keys. These are the people who run Apple's Public Key Infrastructure (PKI). And they do it on a massive scale, meeting Apple's high expectations with highly available, fault-tolerant PKI and encryption services that are leveraged by almost every Apple product including Mac, iPad, iPhone, Watch, Vision, AirPods, TV & Home, Entertainment, Accessories as well as our corporate systems and retail stores.

• Lead, from an engineering standpoint, all aspects of PKI integration projects including scope, requirements, and timelines
• Serve as a PKI subject matter expert for the rest of Apple and consult with teams on their PKI needs
• Design and create PKI configurations for X.509 certificate generation and revocation
• Perform data analysis to drive CA lifecycle management
• Ensure Apple PKI continues to use modern algorithms and keys and plans ahead for a post quantum future
• Support the PKI Compliance team by maintaining and developing software for automating compliance
• Support the PKI Policy team by providing input to Certificate Policies and Certificate Practice Statements

• 5+ years of large-scale enterprise PKI industry experience
• Experience in creating and maintaining Certificate Policies and Certification Practice Statements
• Experience integrating digital certificates with applications and services
• Experience as a PKI subject matter expert for large organizations on their PKI needs
• Working knowledge of PKI industry best practices and relevant standards and requirements (e.g. RFC's 2560, 3647, 5280, 8555)
• 2+ years of expertise with scripting languages such as Bash or Python
• Ability to use OpenSSL or similar to view certificates, CRLs, and OCSP responses
• Strong interpersonal and leadership skills, including team-building, conflict resolution, and management
• Ability to communicate clearly and effectively to partner, influence, and instill confidence with key partners (e.g. PM's, engineers, auditors)

• 3+ years of public PKI industry experience (WebTrust and/or ETSI)
• 2+ years Product Management experience
• Working knowledge of root program and CA/B Forum Requirements
• Experience operating within a WebTrust-compliant control environment
• Experience with Splunk, GitHub, and the Atlassian tool suite
• Able to create proof of concept PKIs using OpenSSL or similar
• Working knowledge of PQC algorithms and transition timelines