PKI Software Engineer
PKI SOFTWARE ENGINEER
Ft. Meade, MD - Full Time (Hybrid)
Salary: 140-170K
August Schell is looking for a PKI Software Engineer to join our team in support of DoD enterprise PKI modernization with our DISA customer. The engineer will work hand-in-hand with commercial product engineering and government teams on the next generation of Public Key Infrastructure capabilities — including post-quantum cryptography (PQC) migration — within Red Hat Enterprise Linux, Red Hat Certificate System, and the upstream Dogtag PKI open-source project.
Individuals in this role must be able to work hybrid and go on site at Fort Meade as requested.
Responsibilities Include:
Design, develop, test, and maintain high-quality PKI software components across Red Hat Certificate System (RHCS) and Dogtag PKI
Work software fixes and feature development directly with product engineering teams and the government development lab — owning issues end-to-end from requirements through testing and verification
Support the program’s post-quantum cryptography migration, including PQC algorithm integration (ML-DSA) and legacy version transition planning
Develop and troubleshoot HSM integrations supporting CA operations and key escrow
Support certificate lifecycle automation (ACME) as the program transitions to shorter-lived certificates at higher issuance volume
Practice defensive programming and contribute to testing frameworks, CI/CD pipelines, and release quality
Communicate clearly across government stakeholders, commercial vendor engineering, and program contractors — translating technical status into program-level clarity
Proactively identify, document, and escalate risks and blockers before they impact program schedule
Requirements:
Active Secret clearance minimum (Top Secret preferred and may be required)
Local to the DMV area with the ability to work on site at Fort Meade as requested
Five (5)+ years of professional software engineering experience (flexible for candidates with exceptional PKI depth)
Java and/or Rust programming experience
Strong knowledge of Linux and its development tools
Knowledge or experience with Linux containers and container orchestration (Podman / Docker) and VMs (KVM)
Hands-on experience with PKI, x.509, cryptography, and system/software security technologies
Direct experience with Red Hat Certificate System or Dogtag PKI (the upstream open-source project of the deployed DoD code base) — comparable enterprise CA platform experience considered (EJBCA, Microsoft AD CS, Entrust Authority, ISC CertAgent, or similar)
DoD 8570/8140 IAT Level II certification (Security+ or equivalent)
Strong written and verbal communication skills
Stand out with:
Post-quantum cryptography familiarity (ML-DSA/Dilithium, Kyber, CNSA 2.0 timelines)
HSM integration experience (Entrust nShield, Thales Luna)
ACME protocol and certificate automation at scale
Prior DISA or DoD PKI program experience (Purebred, derived credentials, RA/CRL/OCSP operations)
Directory Server / LDAP experience
Experience using AI agents to accelerate development efforts
Python, Bash, or similar scripting languages
Package maintenance on Fedora/RHEL
Agile development methodologies (Scrum, JIRA)
