At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

Principal Engineer – PKI/PQC Expert

F5 BIG-IP Platform Security Team

Role Overview

The PKI and Digital Security Engineer leads the design, development, and deployment of Public Key Infrastructure (PKI), Post-Quantum Cryptography (PQC), and digital security solutions for F5 enterprise-scale environments. This role ensures seamless integration of certificate management processes while maintaining security and integrity standards across products, applications and cloud environments. As a technical leader, this position plays a key role in enabling secure digital ecosystems while staying ahead of emerging technologies in cryptography and digital security.

Key Responsibilities

• Design, develop, and implement PKI, PQC, and digital security solutions to support business needs.

• Collaborate with cross-functional teams to integrate PKI services into F5 products and applications, focusing on TLS and certificate management.

• Automate PKI processes, including certificate issuance, renewal, and revocation, to optimize efficiency.

• Ensure the secure management of TLS certificates and cryptographic operations to maintain the integrity and reliability of systems.

• Deliver PKI services within cloud environments (AWS, Azure, Kubernetes) and oversee their scalability and performance.

• Provide expert technical guidance in designing PKI architectures with considerations for post-quantum cryptography (PQC) concerns.

• Act as a trusted advisor for PKI-related aspects in negotiations and interactions with internal and external stakeholders.

• Continuously monitor the performance of PKI systems to ensure availability, fault tolerance, and resilience.

• Stay updated on advancements in PKI, PQC, and digital security technologies, incorporating emerging trends into solutions.

Required Qualifications

Experience

• PKI Implementation: 8+ years of experience designing, deploying, and securing PKI systems, including certificate lifecycle management (issuance, renewal, revocation), TLS integrations, and cryptographic operations.

• Cloud Security Expertise: Hands-on expertise delivering PKI solutions in cloud-native environments (AWS, Azure, Kubernetes) and maintaining security within hybrid architectures.

• Post-Quantum Cryptography (PQC): Proven track record of transitioning systems to post-quantum cryptography standards and implementing advanced cryptographic algorithms (RSA, ECC, lattice-based cryptography).

• Automation & Dev Sec Ops: Proficiency in streamlining PKI processes using automation tools (Terraform, Ansible) and scripting languages (Python, PowerShell) within Dev Sec Ops frameworks.

Technical Skills

• Advanced knowledge of PKI concepts, including certificate management (issuance, renewal, revocation) and cryptographic operations.

• Expertise in TLS protocols and secure certificate handling.

• Proficiency in cloud-native environments such as AWS, Azure, and Kubernetes for deploying and managing PKI services.

• Familiarity with post-quantum cryptography (PQC) and transitioning digital security systems to accommodate emerging PQC standards.

• Hands-on experience with automating PKI processes using scripting languages (e.g., Python, PowerShell).

• Deep understanding of security protocols, cryptographic algorithms, and key management practices.

• Knowledge of modern Dev Sec Ops practices and automation tools (e.g., Terraform, Ansible).

• Experience in performance tuning, scaling, and troubleshooting PKI systems.

Core Competencies

• Technical Leadership: Ability to guide teams in designing and implementing innovative PKI and PQC architectures.

• Problem-Solving: Aptitude for diagnosing and rectifying complex security and cryptographic challenges.

• Collaborative Communication: Strong interpersonal skills to work effectively across multidisciplinary teams and stakeholders.

• Strategic Thinking: Capability to align PKI solutions with long-term organizational goals while adapting to emerging trends.

• Adaptability: Skills to incorporate new advancements in cryptography and security into existing systems.

• Attention to Detail: Precision in configuring and managing cryptographic frameworks to eliminate vulnerabilities.

• Innovation: Drive to explore cutting-edge solutions in digital security and cryptography.

Preferred Qualifications

• 12+ years of hands-on experience in designing, implementing, and managing PKI infrastructure and certificate lifecycle management.

• Proven experience in cryptography, including TLS protocols, digital certificate operations, and key management.

• Strong background in cloud-native environments (AWS, Azure, Google Cloud, Kubernetes) for deploying secure PKI systems.

• Experience working with emerging standards around Post-Quantum Cryptography (PQC).

• Demonstrated experience with automation tools (e.g., Ansible, Terraform) and scripting languages (e.g., Python, PowerShell).

• Familiarity with security frameworks such as NIST, FIPS, or ISO 27001 related to cryptographic operations.

• Comprehensive understanding of protocols like X.509, OCSP, S/MIME, and LDAP in PKI implementations.

• Knowledge of cryptographic algorithms (RSA, ECC, AES, SHA) and PQC methods like lattice-based cryptography.

• Proficiency in implementing PKI solutions across hybrid environments (on-premise and cloud).

• Experience in mentoring teams and providing technical leadership.

Research & Intellectual Contributions:

Technical White Papers: Publication of research in cryptography, PKI, or PQC in renowned journals, conferences (e.g., IEEE, ACM, Black Hat, RSAC).

Patents: Authored patents in cryptography, innovative PKI solutions, or other digital security technologies demonstrating original contributions to the field.

Certifications Preferred

• Certified Cryptography Engineer (CCE)/ Certified Cybersecurity Technician (CCT)

• Certified Information Systems Security Professional (CISSP)

• Certified Kubernetes Administrator (CKA)

Education

• Bachelor's degree in Computer Science, Cybersecurity, Electrical/Computer Engineering, or a related field.

• Master’s degree in Cybersecurity, Cryptography, or a related field is highly desirable.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

The annual base pay for this position is: $186,400.00 - $279,600.00

F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.

You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice.

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.