PKI Engineer - Crypto Services, IS&T Enterprise Systems

Sunnyvale, California, United States
Corporate Functions

Summary

Posted:
Weekly Hours: 40
Role Number:200564245
Apple is where individual imaginations gather together, committing to the values that lead to great work. Every new product we build, service we create, or Apple Store experience we deliver, is the result of us making each other’s ideas stronger. That happens because every one of us shares a belief that we can make something wonderful and share it with the world, changing lives for the better. It’s the diversity of our people and their thinking that inspires the innovation that runs through everything we do. When we bring everybody in, we can do the best work of our lives. Here, you’ll do more than join something — you’ll add something. The Crypto Services team powers Apple’s promise of privacy and security by protecting some of the most sensitive data at Apple - cryptographic keys. These are the people who run Apple’s Public Key Infrastructure (PKI). And they do it on a massive scale, meeting Apple’s high expectations with highly available, fault-tolerant PKI and encryption services that are leveraged by almost every Apple product including Mac, iPad, iPhone, Watch, Vision, AirPods, TV & Home, Entertainment, Accessories as well as our corporate systems and retail stores.

Description

Crypto Services PKI Engineers partner with engineers across the company who build secure, end-to-end solutions to provide digital certificate solutions. Thanks to Apple’s unique integration of certificate subscribers, relying parties, and PKI, PKI Engineers partner with teams across Apple to get behind a single unified vision. Our vision always includes a deep commitment to strengthening Apple’s security posture and privacy policy, one of Apple’s core values. Although certificates are integrated into a larger part of Apple’s business than ever before, the team remains small, forward-thinking, and cross-functional, offering greater exposure to the array of opportunities within Crypto Services. We are looking for someone to drive Apple’s ongoing PKI Engineering needs within the Crypto Services organization. IN THIS ROLE YOU WILL: - Lead, from an engineering standpoint, all aspects of PKI integration projects including scope, requirements, and timelines - Serve as a PKI subject matter expert for the rest of Apple and consult with teams on their PKI needs - Design and create PKI configurations for X.509 certificate generation and revocation. - Perform data analysis to drive CA lifecycle management - Ensure Apple PKI continues to use modern algorithms and keys and plans ahead for a post quantum future - Support the PKI Compliance team by maintaining and developing software for automating compliance - Own and maintain Certificate Policies (CP) and Certificate Practice Statements (CPS)

Minimum Qualifications

  • 3+ years of large-scale enterprise PKI industry experience
  • Experience in creating and maintaining Certificate Policies and Certificate Practice Statements

Key Qualifications

Preferred Qualifications

  • 3+ years of public PKI industry experience (WebTrust or ETSI)
  • Working knowledge of root program and CA/B Forum Requirements
  • Experience operating within a WebTrust-compliant control environmentExperience integrating digital certificates with applications and services
  • Experience as a PKI subject matter expert for large organizations on their PKI needs
  • Working knowledge of PKI industry best practices and relevant standards and requirements (e.g. RFC’s 2560, 3647, 5280, 8555)
  • 2+ years of expertise with scripting languages such as Bash or Python
  • Ability to use OpenSSL or other similar utility to view certificates, CRLs, and OCSP responses.
  • Strong interpersonal and leadership skills, including team-building, conflict resolution, and management
  • Ability to communicate clearly and effectively partner, influence, and instill confidence with key partners (e.g. PM’s, engineers, auditors)
  • Experience with Splunk, Github and the Atlassian tool suite
  • Able to create proof of concept PKIs using OpenSSL
  • Working knowledge of PQC

Education & Experience

Additional Requirements

Pay & Benefits

  • Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant.