Job Description

Job Title: PKI Engineer / PKI Specialist

Job Summary:

We are looking for a skilled PKI Engineer to design, implement, and manage our Public Key Infrastructure systems. This role will be responsible for ensuring secure digital identity, encryption, and authentication mechanisms across the enterprise. The ideal candidate will have deep knowledge of certificate management, cryptographic standards, and experience with tools such as Microsoft ADCS, Venafi, DigiCert, or similar.

Key Responsibilities:

Design, deploy, and maintain

PKI infrastructure

, including Certificate Authorities (CAs), Registration Authorities (RAs), and OCSP/CRL services. Manage

digital certificates

for users, devices, services, and applications, ensuring proper issuance, renewal, and revocation. Support

SSL/TLS certificate lifecycle management

, including integration with web servers, load balancers, and cloud services. Configure and maintain Microsoft ADCS (Active Directory Certificate Services) or third-party PKI solutions (e.g., Venafi, DigiCert, Keyfactor). Define and enforce

certificate policies and practices (CP/CPS)

and align with regulatory and internal compliance standards. Implement

automated certificate management

using scripts or tools to reduce risk and operational overhead. Troubleshoot PKI-related issues including certificate chain validation, enrollment errors, or CRL distribution problems. Provide subject matter expertise on

cryptographic standards

, such as X.509, RSA, ECC, SHA-2, and quantum-safe practices. Collaborate with cybersecurity, cloud, and infrastructure teams to ensure secure, scalable PKI deployments. Assist in audits, penetration testing, and risk assessments related to encryption and identity assurance.

Required Qualifications:

Bachelor's degree in computer science, Cybersecurity, or a related field; or equivalent work experience. 3+ years of experience in PKI design, administration, and support. Hands-on experience with

Microsoft ADCS

and/or enterprise PKI platforms (e.g., Venafi, DigiCert, Keyfactor, AppViewX). Deep understanding of

certificate lifecycle

, cryptographic algorithms, and standards (X.509, RSA, ECC, SHA, etc.). Familiarity with

HSMs (Hardware Security Modules)

and key management practices. Working knowledge of

TLS/SSL

, S/MIME, code signing, email encryption, and secure authentication protocols. Scripting skills in

PowerShell

,

Python

, or Bash for automation.

Preferred Qualifications:

Professional certifications (e.g.,

GIAC GPEN, GCLD, CISSP, Microsoft Certified: Identity and Access Administrator Associate

). Experience with

DevOps/DevSecOps integration

for certificate issuance in CI/CD pipelines. Knowledge of

quantum-resistant cryptography

and NIST PQC standards. * Experience with cloud PKI integration (e.g., AWS ACM, Azure Key Vault, Google Cloud KMS).