Job Requirements
Remote Fort Meade, MD
Secret Polygraph not specified
Mid Level Career (5+ yrs experience)
$140,000 - $170,000
Job Description
PKI SOFTWARE ENGINEER
Ft. Meade, MD - Full Time (Hybrid)
August Schell is looking for a PKI Software Engineer to join our team in support of DoD enterprise PKI modernization with our DISA customer. The engineer will work hand-in-hand with commercial product engineering and government teams on the next generation of Public Key Infrastructure capabilities — including post-quantum cryptography (PQC) migration — within Red Hat Enterprise Linux, Red Hat Certificate System, and the upstream Dogtag PKI open-source project.
Individuals in this role must be able to work hybrid and go on site at Fort Meade as requested.
Responsibilities Include:
-Design, develop, test, and maintain high-quality PKI software components across Red Hat Certificate System (RHCS) and Dogtag PKI
-Work software fixes and feature development directly with product engineering teams and the government development lab — owning issues end-to-end from requirements through testing and verification
-Support the program’s post-quantum cryptography migration, including PQC algorithm integration (ML-DSA) and legacy version transition planning
-Develop and troubleshoot HSM integrations supporting CA operations and key escrow
-Support certificate lifecycle automation (ACME) as the program transitions to shorter-lived certificates at higher issuance volume
-Practice defensive programming and contribute to testing frameworks, CI/CD pipelines, and release quality
-Communicate clearly across government stakeholders, commercial vendor engineering, and program contractors — translating technical status into program-level clarity
-Proactively identify, document, and escalate risks and blockers before they impact program schedule
Requirements:
-Active Secret clearance minimum (Top Secret preferred and may be required)
-Local to the DMV area with the ability to work on site at Fort Meade as requested
-Five (5)+ years of professional software engineering experience (flexible for candidates with exceptional PKI depth)
-Java and/or Rust programming experience
-Strong knowledge of Linux and its development tools
-Knowledge or experience with Linux containers and container orchestration (Podman / Docker) and VMs (KVM)
-Hands-on experience with PKI, x.509, cryptography, and system/software security technologies
-Direct experience with Red Hat Certificate System or Dogtag PKI (the upstream open-source project of the deployed DoD code base) — comparable enterprise CA platform experience considered (EJBCA, Microsoft AD CS, Entrust Authority, ISC CertAgent, or similar)
-DoD 8570/8140 IAT Level II certification (Security+ or equivalent)
-Strong written and verbal communication skills
Stand out with:
-Post-quantum cryptography familiarity (ML-DSA/Dilithium, Kyber, CNSA 2.0 timelines)
-HSM integration experience (Entrust nShield, Thales Luna)
-ACME protocol and certificate automation at scale
-Prior DISA or DoD PKI program experience (Purebred, derived credentials, RA/CRL/OCSP operations)
-Directory Server / LDAP experience
-Experience using AI agents to accelerate development efforts
-Python, Bash, or similar scripting languages
-Package maintenance on Fedora/RHEL
-Agile development methodologies (Scrum, JIRA)
Ft. Meade, MD - Full Time (Hybrid)
August Schell is looking for a PKI Software Engineer to join our team in support of DoD enterprise PKI modernization with our DISA customer. The engineer will work hand-in-hand with commercial product engineering and government teams on the next generation of Public Key Infrastructure capabilities — including post-quantum cryptography (PQC) migration — within Red Hat Enterprise Linux, Red Hat Certificate System, and the upstream Dogtag PKI open-source project.
Individuals in this role must be able to work hybrid and go on site at Fort Meade as requested.
Responsibilities Include:
-Design, develop, test, and maintain high-quality PKI software components across Red Hat Certificate System (RHCS) and Dogtag PKI
-Work software fixes and feature development directly with product engineering teams and the government development lab — owning issues end-to-end from requirements through testing and verification
-Support the program’s post-quantum cryptography migration, including PQC algorithm integration (ML-DSA) and legacy version transition planning
-Develop and troubleshoot HSM integrations supporting CA operations and key escrow
-Support certificate lifecycle automation (ACME) as the program transitions to shorter-lived certificates at higher issuance volume
-Practice defensive programming and contribute to testing frameworks, CI/CD pipelines, and release quality
-Communicate clearly across government stakeholders, commercial vendor engineering, and program contractors — translating technical status into program-level clarity
-Proactively identify, document, and escalate risks and blockers before they impact program schedule
Requirements:
-Active Secret clearance minimum (Top Secret preferred and may be required)
-Local to the DMV area with the ability to work on site at Fort Meade as requested
-Five (5)+ years of professional software engineering experience (flexible for candidates with exceptional PKI depth)
-Java and/or Rust programming experience
-Strong knowledge of Linux and its development tools
-Knowledge or experience with Linux containers and container orchestration (Podman / Docker) and VMs (KVM)
-Hands-on experience with PKI, x.509, cryptography, and system/software security technologies
-Direct experience with Red Hat Certificate System or Dogtag PKI (the upstream open-source project of the deployed DoD code base) — comparable enterprise CA platform experience considered (EJBCA, Microsoft AD CS, Entrust Authority, ISC CertAgent, or similar)
-DoD 8570/8140 IAT Level II certification (Security+ or equivalent)
-Strong written and verbal communication skills
Stand out with:
-Post-quantum cryptography familiarity (ML-DSA/Dilithium, Kyber, CNSA 2.0 timelines)
-HSM integration experience (Entrust nShield, Thales Luna)
-ACME protocol and certificate automation at scale
-Prior DISA or DoD PKI program experience (Purebred, derived credentials, RA/CRL/OCSP operations)
-Directory Server / LDAP experience
-Experience using AI agents to accelerate development efforts
-Python, Bash, or similar scripting languages
-Package maintenance on Fedora/RHEL
-Agile development methodologies (Scrum, JIRA)
group id: RTL73977