You will be a critical member of the Customer Router Security team, specifically tasked with the strategic initiative to build and run our Public Key Infrastructure (PKI) infrastructure. This project is critical to fulfilling Verizon’s Network Security priorities and fundamentals at scale. We are seeking a highly experienced and technically profound Principal Engineer specializing in Public Key Infrastructure (PKI) to join our security team. This role is crucial for designing, building, and maintaining the global PKI ecosystem that underpins our security, cryptographic services, and identity management across the entire enterprise. The ideal candidate will be a recognized subject matter expert, capable of setting technical strategy, mentoring junior engineers, and driving the implementation of cutting-edge, secure, and highly available PKI solutions. The Principal Engineer will bring hands-on experience in applying best practices, managing stakeholder expectations, collaboration of solution approaches, and positioning implementations for ongoing success. He/ She would also be comfortable pitching solutions and gaining the buy-in from the various teams including senior leaders. Additionally, this position will require a rich understanding of routing, tunneling, and D - Do. S mitigation. This position will be included in the on-call rotation. Primary Responsibilities:Define the long-term technical vision and architectural roadmap for our global PKI environment, including Certificate Authorities (C - As), Hardware Security Modules (HS - Ms), and certificate lifecycle management (CLM) platforms. Lead the design and implementation of next-generation cryptographic services, focusing on automation, scalability, and compliance with industry standards (e.g., NIST, CA/ Browser Forum). Evaluate, recommend, and integrate new PKI-related technologies and services, such as post-quantum cryptography readiness, cloud PKI services, and advanced HSM deployments. Serve as the highest escalation point for complex PKI, certificate, and cryptographic service issues, providing expert troubleshooting and resolution. Lead the deployment, configuration, and maintenance of high-assurance C - As, OCSP/ CRL responders, and HSM infrastructure across diverse environments (on-premises and cloud). Develop and maintain robust, self-service automation tools (using scripting and orchestration platforms) to streamline certificate provisioning, renewal, and revocation enabling automation and orchestration. Ensure the operational health, performance, and compliance of all PKI systems through continuous monitoring, auditing, and patching. Provide technical leadership and mentorship to PKI and security engineering teams, fostering a culture of excellence, security-first design, and continuous learning. Document technical standards, procedures, and architectural decisions clearly for both technical and non-technical audiences. Collaborate with audit, compliance, legal, and other security teams to ensure PKI systems meet strict regulatory and internal policy requirements. Drive cross-functional initiatives to integrate PKI and cryptographic solutions to secure applications and manage certificate lifecycles. - - - This role can be located in any US based Verizon hub location. - - - You’ll need to have:Bachelor’s degree or four or more years of work experience. Six or more years of relevant experience required, demonstrated through one or a combination of work and/or military experience, or specialized training . years of progressive experience in Information Security, with a minimum of 7 years focused specifically on designing, managing, and maintaining large-scale enterprise PKI and cryptographic systems. Deep, hands-on experience with commercial and/or open-source CA platforms (e.g., Microsoft AD CS, Entrust, Venafi, EJBCA, Vault PKI). Expert-level knowledge of cryptographic primitives, protocols (e.g., TLS/ SSL, S/ MIME, I - Psec), certificate formats (X.509), and associated standards. Proven expertise in managing, configuring, and deploying Hardware Security Modules (HS - Ms) from major vendors (e.g., Thales, n. Cipher, Utimaco). Strong proficiency in automation and scripting (e.g., Python) and experience with infrastructure-as-code tools (e.g., Ansible). Even better if you have one or more of the following:Master’s degree in a relevant technical field. Demonstrated hands-on experience with Keyfactor. Experience with PKI deployments in cloud environments (e.g., AWS ACM, Azure Key Vault, Google Cloud KMS). In-depth knowledge of CA operations, key management best practices, and compliance standards (e.g., Web. Trust/ ETSI, CA/ Browser Forum Baseline Requirements). Experience in mitigating advanced cryptographic threats and preparing for future challenges like post-quantum cryptography. Demonstrated ability to drive complex projects to completion and influence technical direction across multiple teams. Knowledge of Distributed Denial of Service Attacks. Demonstrated strong written and communication skills. Experience in Google Suite. Knowledge of Network & Security protocols (ex: TCP/ IP)Juniper routing, Palo Alto Firewall, and F 5 Load Balancer knowledge.