Principal Engineer Public Key Infrastructure

You want more out of a career. A place to share your ideas freely - even if they're daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love - driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together - lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the #VTeamLife.

You will be a critical member of the Customer Router Security team, specifically tasked with the strategic initiative to build and run our Public Key Infrastructure (PKI) infrastructure. This project is critical to fulfilling Verizon's Network Security priorities and fundamentals at scale.

We are seeking a highly experienced and technically profound Principal Engineer specializing in Public Key Infrastructure (PKI) to join our security team. This role is crucial for designing, building, and maintaining the global PKI ecosystem that underpins our security, cryptographic services, and identity management across the entire enterprise. The ideal candidate will be a recognized subject matter expert, capable of setting technical strategy, mentoring junior engineers, and driving the implementation of cutting-edge, secure, and highly available PKI solutions.

The Principal Engineer will bring hands-on experience in applying best practices, managing stakeholder expectations, collaboration of solution approaches, and positioning implementations for ongoing success. He/She would also be comfortable pitching solutions and gaining the buy-in from the various teams including senior leaders.

Additionally, this position will require a rich understanding of routing, tunneling, and DDoS mitigation. This position will be included in the on-call rotation.

Primary Responsibilities:

• Define the long-term technical vision and architectural roadmap for our global PKI environment, including Certificate Authorities (CAs), Hardware Security Modules (HSMs), and certificate lifecycle management (CLM) platforms.

• Lead the design and implementation of next-generation cryptographic services, focusing on automation, scalability, and compliance with industry standards (e.g., NIST, CA/Browser Forum).

• Evaluate, recommend, and integrate new PKI-related technologies and services, such as post-quantum cryptography readiness, cloud PKI services, and advanced HSM deployments.

• Serve as the highest escalation point for complex PKI, certificate, and cryptographic service issues, providing expert troubleshooting and resolution.

• Lead the deployment, configuration, and maintenance of high-assurance CAs, OCSP/CRL responders, and HSM infrastructure across diverse environments (on-premises and cloud).

• Develop and maintain robust, self-service automation tools (using scripting and orchestration platforms) to streamline certificate provisioning, renewal, and revocation enabling automation and orchestration.

• Ensure the operational health, performance, and compliance of all PKI systems through continuous monitoring, auditing, and patching.

• Provide technical leadership and mentorship to PKI and security engineering teams, fostering a culture of excellence, security-first design, and continuous learning.

• Document technical standards, procedures, and architectural decisions clearly for both technical and non-technical audiences.

• Collaborate with audit, compliance, legal, and other security teams to ensure PKI systems meet strict regulatory and internal policy requirements.

• Drive cross-functional initiatives to integrate PKI and cryptographic solutions to secure applications and manage certificate lifecycles.

• Bachelor's degree or four or more years of work experience.

• Six or more years of relevant experience required, demonstrated through one or a combination of work and/or military experience, or specialized training.

• 8+ years of progressive experience in Information Security, with a minimum of 7 years focused specifically on designing, managing, and maintaining large-scale enterprise PKI and cryptographic systems.

• Deep, hands-on experience with commercial and/or open-source CA platforms (e.g., Microsoft AD CS, Entrust, Venafi, EJBCA, Vault PKI).

• Expert-level knowledge of cryptographic primitives, protocols (e.g., TLS/SSL, S/MIME, IPsec), certificate formats (X.509), and associated standards.

• Proven expertise in managing, configuring, and deploying Hardware Security Modules (HSMs) from major vendors (e.g., Thales, nCipher, Utimaco).

• Strong proficiency in automation and scripting (e.g., Python) and experience with infrastructure-as-code tools (e.g., Ansible).

• Master's degree in a relevant technical field.

• Demonstrated hands-on experience with Keyfactor

• Experience with PKI deployments in cloud environments (e.g., AWS ACM, Azure Key Vault, Google Cloud KMS).

• In-depth knowledge of CA operations, key management best practices, and compliance standards (e.g., WebTrust/ETSI, CA/Browser Forum Baseline Requirements).

• Experience in mitigating advanced cryptographic threats and preparing for future challenges like post-quantum cryptography.

• Demonstrated ability to drive complex projects to completion and influence technical direction across multiple teams.

• Knowledge of Distributed Denial of Service Attacks

• Demonstrated strong written and communication skills.

• Experience in Google Suite.

• Knowledge of Network & Security protocols (ex: TCP/IP)

• Juniper routing, Palo Alto Firewall, and F5 Load Balancer knowledge

If Verizon and this role sound like a fit for you, we encourage you to apply even if you don't meet every "even better" qualification listed above.

Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to veteran status, disability or other legally protected characteristics.

Our benefits are designed to help you move forward in your career, and in areas of your life outside of Verizon. From health and wellness benefit options including: medical, dental, vision, short and long term disability, basic life insurance, supplemental life insurance, AD&D insurance, identity theft protection, pet insurance and group home & auto insurance. We also offer a matched 401(k) savings plan, up to 8 company paid holidays per year and up to 6 personal days per year, paid parental leave, adoption assistance and tuition assistance, plus other incentives, we've got you covered with our award-winning total rewards package. Depending on the role, employees have the opportunity to receive compensation in the form of premium pay such as overtime, shift differential, holiday pay, allowances, etc. Newly hired employees receive up to 15 days of vacation per year, which grows with additional service. For part-timers, your coverage will vary as you may be eligible for some of these benefits depending on your individual circumstances.