Staff PKI Systems Engineer

Staff PKI Systems Engineer

Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development. Fastly’s customers include many of the world’s prominent companies, including GitHub, Yelp, Paramount, and JetBlue.

We're building a more trustworthy Internet. Come join us.

About the Role

As a Staff PKI Systems Engineer, you will help build and operate Certainly, Fastly's publicly-trusted TLS certification authority. Built on Boulder, the same open-source software that powers Let's Encrypt, Certainly delivers widely trusted, short-validity certificates at scale to help secure the internet. You will own the architecture and operational excellence of complex PKI systems while mentoring a dedicated team of engineers. Integrating deep security expertise with software development, you will solve ambiguous, internet-facing engineering challenges to meet strict industry compliance and reliability goals. This is a high-impact role where your designs will directly protect Fastly customers and the broader web.

What You'll Do

• Own the design and implementation of security-critical PKI infrastructure, including major refactors and new capabilities.
• Lead cryptographic operations including key ceremonies, credential management, and multi-datacenter failover procedures.
• Drive technical strategy for system hardening, automation, and resilience across ephemeral, containerized microservices and HSM environments.
• Investigate and solve complex, ambiguous engineering problems and production incidents, creating proof-of-concepts and performing root cause analysis with a focus on security, automation, observability and stability.
• Collaborate with TLS client, SRE, Security, and Product Engineering teams to translate complex business requirements and compliance standards (WebTrust, PCI) and evolve our infrastructure.
• Mentor team members and foster a culture of technical excellence, providing guidance on design, performance, and cross-team collaboration.

What We're Looking For

• Extensive experience designing, implementing, and maintaining distributed systems on Linux with a focus on automation and continuous monitoring. Most Staff Engineers at Fastly have more than 7 years of related experience.
• Strong software development background (Go or similar) with a track record of owning the design phases of broadly scoped work or major refactors.
• Deep understanding of applied cryptography, PKI architecture, and standards such as RFC 5280 and RFC 8555 (ACME).
• Proven ability to lead technical decision-making, write clear design documents, and influence architectural discussions across multiple teams.
• Experience building highly secure environments, including vulnerability management, system hardening, and intrusion detection.
• Demonstrated ability to mentor engineers and help them understand the impact of their work on customers and stakeholders.

We’ll be super impressed if you have experience in any of these:

• Operating a publicly-trusted CA or large-scale PKI, particularly work with ACME.
• Hardware Security Module (HSM) configuration and operation.
• Go programming with experience debugging production systems.
• High-availability database administration.
• Container orchestration in security-sensitive environments.
• Working in highly regulated environments (WebTrust, SOC 2, PCI).

Work Hours

This position will require you to be available during core business hours in North America and occasional nights and weekends as needed for on call support.

Work Location(s) & Travel Requirements

This position is open to Hybrid And Remote Work Locations. The preferred office locations for this position are: San Francisco, CA; New York, NY; Denver, CO. Fastly currently embraces a largely hybrid model for most roles which allows employees flexibility to split their time between the office and home. There is a preference for Hybrid near a local office. However, we may be willing to consider remote candidates within the US. This position will require occasional travel (1-2 times/year) as required by your role or requested by your manager.

Salary

The estimated salary range for this position in the US is $211,370 to $253,644. Starting salary may vary based on permissible, non-discriminatory factors such as experience, skills, qualifications, and location. This role may be eligible to participate in Fastly’s equity and discretionary bonus programs.

Benefits

We care about you. Fastly works hard to create a positive environment for our employees, and we think your life outside of work is important too. We support our teams with great benefits that start on the first day of your employment with Fastly. We offer a comprehensive benefits package including medical, dental, and vision insurance. Family planning, mental health support along with Employee Assistance Program, Insurance (Life, Disability, and Accident), a Flexible Vacation policy and up to 18 days of accrued paid sick leave are there to help support our employees. We also offer 401(k) (including company match) and an Employee Stock Purchase Program. For 2026, we offer 11 paid local holidays, 12 paid company wellness days.

Why Fastly?

We have a huge impact. Fastly is a small company with a big reach. Not only do our customers have a tremendous user base, but we also support a growing number of open source projects and initiatives. Outside of code, employees are encouraged to share causes close to their heart with others so we can help lend a supportive hand. We value diversity. Growing and maintaining our inclusive and diverse team matters to us. We are committed to being a company where our employees feel comfortable bringing their authentic selves to work and have the ability to be successful -- every day. We are passionate. Fastly is chock full of passionate people and we’re not ‘one size fits all’. Fastly employs authors, pilots, skiers, parents (of humans and animals), makeup geeks, coffee connoisseurs, and more. We love employees for who they are and what they are passionate about.

Key skills/competency

• Staff PKI Systems Engineer
• PKI Systems
• Cryptography
• TLS Certificates
• ACME Protocol
• Linux
• Go
• Distributed Systems
• Security
• Automation