Apple is where individual imaginations gather together, committing to the values that lead to great work. Every new product we build, service we create, or Apple Store experience we deliver, is the result of us making each other’s ideas stronger. That happens because every one of us shares a belief that we can make something wonderful and share it with the world, changing lives for the better. It’s the diversity of our people and their thinking that inspires the innovation that runs through everything we do. When we bring everybody in, we can do the best work of our lives. Here, you’ll do more than join something — you’ll add something. The Crypto Services team powers Apple’s promise of privacy and security by protecting some of the most sensitive data at Apple - cryptographic keys. These are the people who run Apple’s Public Key Infrastructure (PKI). And they do it on a massive scale, meeting Apple’s high expectations with highly available, fault-tolerant PKI and encryption services that are leveraged by almost every Apple product including Mac, iPad, iPhone, Watch, Vision, AirPods, TV & Home, Entertainment, Accessories as well as our corporate systems and retail stores.

Description

Crypto Services PKI Engineers partner with engineers across the company who build secure, end-to-end solutions to provide digital certificate solutions. Thanks to Apple’s unique integration of certificate subscribers, relying parties, and PKI, PKI Engineers partner with teams across Apple to get behind a single unified vision. Our vision always includes a deep commitment to strengthening Apple’s security posture and privacy policy, one of Apple’s core values. Although certificates are integrated into a larger part of Apple’s business than ever before, the team remains small, forward-thinking, and cross-functional, offering greater exposure to the array of opportunities within Crypto Services. We are looking for someone to drive Apple’s ongoing PKI Engineering needs within the Crypto Services organization.IN THIS ROLE YOU WILL: - Lead, from an engineering standpoint, all aspects of PKI integration projects including scope, requirements, and timelines- Serve as a PKI subject matter expert for the rest of Apple and consult with teams on their PKI needs- Design and create PKI configurations for X.509 certificate generation and revocation. - Perform data analysis to drive CA lifecycle management- Ensure Apple PKI continues to use modern algorithms and keys and plans ahead for a post quantum future- Support the PKI Compliance team by maintaining and developing software for automating compliance - Own and maintain Certificate Policies (CP) and Certificate Practice Statements (CPS)

Minimum Qualifications

  • 3+ years of large-scale enterprise PKI industry experience
  • Experience in creating and maintaining Certificate Policies and Certificate Practice Statements

Key Qualifications

Preferred Qualifications

  • 3+ years of public PKI industry experience (WebTrust or ETSI)
  • Working knowledge of root program and CA/B Forum Requirements
  • Experience operating within a WebTrust-compliant control environmentExperience integrating digital certificates with applications and services
  • Experience as a PKI subject matter expert for large organizations on their PKI needs
  • Working knowledge of PKI industry best practices and relevant standards and requirements (e.g. RFC’s 2560, 3647, 5280, 8555)
  • 2+ years of expertise with scripting languages such as Bash or Python
  • Ability to use OpenSSL or other similar utility to view certificates, CRLs, and OCSP responses.
  • Strong interpersonal and leadership skills, including team-building, conflict resolution, and management
  • Ability to communicate clearly and effectively partner, influence, and instill confidence with key partners (e.g. PM’s, engineers, auditors)
  • Experience with Splunk, Github and the Atlassian tool suite
  • Able to create proof of concept PKIs using OpenSSL
  • Working knowledge of PQC

Education & Experience

Additional Requirements

Pay & Benefits

  • At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $195,500 and $293,800, and your base pay will depend on your skills, qualifications, experience, and location.

    Apple employees also have the opportunity to become an Apple shareholder through participation in Apple’s discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple’s Employee Stock Purchase Plan. You’ll also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses — including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation. Learn more about Apple Benefits.

    Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.

  • Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant.