Back to search results

PKI Engineer - Crypto Services, Enterprise Technology Services

Apple is where individual imaginations gather together, contributing to the values that lead to phenomenal work. Every new product we build, services we create, or Apple Store experience we deliver, is the result of us making each other’s ideas stronger. That happens because every one of us shares a belief that we can make something wonderful and share it with the world, changing lives for the better. It’s the diversity of our people and their thinking that encourages the innovation that runs through everything we do. When we bring everybody in, we can do the best work of our lives. Here, you’ll do more than join something — you’ll add something. The Crypto Services team powers Apple’s promise of privacy and security by protecting some of the most sensitive data at Apple - cryptographic keys. These are the people who run Apple’s Public Key Infrastructure (PKI). And they do it on a massive scale, meeting Apple’s high expectations with highly available, fault-tolerant PKI and encryption services that are leveraged by almost every Apple product including Mac, iPad, iPhone, Watch, Vision, AirPods, TV & Home, Entertainment, Accessories as well as our corporate systems and retail stores.
Crypto Services’ PKI Engineers partner with engineers across the company who build secure, end-to-end solutions to provide digital certificate solutions. Thanks to Apple’s outstanding integration of certificate subscribers, relying parties, and PKI, PKI Engineers partner with teams through the company to get behind a single unified vision. That vision always includes a deep dedication to strengthening Apple’s security posture and privacy policy, core values. Although certificates are integrated into a larger part of Apple’s business than ever before, we remain small, nimble, and multi-functional, offering greater exposure to the array of opportunities within Crypto Services. We are looking for someone to drive Apple’s ongoing PKI Engineering needs within the Crypto Services’ organization.
  • Lead, from an engineering standpoint, all aspects of PKI integration projects including scope, requirements, and timelines
  • Serve as a PKI subject matter expert for the rest of Apple and consult with teams on their PKI needs
  • Design and create PKI configurations for X.509 certificate generation and revocation
  • Perform data analysis to drive CA lifecycle management
  • Ensure Apple PKI continues to use modern algorithms and keys and plans ahead for a post quantum future
  • Support the PKI Compliance team by maintaining and developing software for automating compliance
  • Support the PKI Policy team by providing input to Certificate Policies and Certificate Practice Statements
  • 5+ years of large-scale enterprise PKI industry experience
  • Experience in creating and maintaining Certificate Policies and Certification Practice Statements
  • Experience integrating digital certificates with applications and services
  • Experience as a PKI subject matter expert for large organizations on their PKI needs
  • Working knowledge of PKI industry best practices and relevant standards and requirements (e.g. RFC’s 2560, 3647, 5280, 8555)
  • 2+ years of expertise with scripting languages such as Bash or Python
  • Ability to use OpenSSL or similar to view certificates, CRLs, and OCSP responses
  • Strong interpersonal and leadership skills, including team-building, conflict resolution, and management
  • Ability to communicate clearly and effectively to partner, influence, and instill confidence with key partners (e.g. PM’s, engineers, auditors)
  • 3+ years of public PKI industry experience (WebTrust and/or ETSI)
  • 2+ years Product Management experience
  • Working knowledge of root program and CA/B Forum Requirements
  • Experience operating within a WebTrust-compliant control environment
  • Experience with Splunk, GitHub, and the Atlassian tool suite
  • Able to create proof of concept PKIs using OpenSSL or similar
  • Working knowledge of PQC algorithms and transition timelines
At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $181,100 and $318,400, and your base pay will depend on your skills, qualifications, experience, and location.

Apple employees also have the opportunity to become an Apple shareholder through participation in Apple’s discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple’s Employee Stock Purchase Plan. You’ll also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses — including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation. Learn more about Apple Benefits.

Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.

Apple is an equal opportunity employer that is committed to inclusion and diversity. We seek to promote equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant.

Back to search results
See all roles in Sunnyvale