Linux PKI Enterprise Systems Engineer

About The Position

Requirements

• 8+ years of experience in IT with at least 5 years in a dedicated PKI engineering role.
• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
• In-depth knowledge of PKI concepts, including X.509, certificate lifecycle management, CRL, OCSP, and SCEP.
• Extensive hands-on experience with Linux administration (RHEL, CentOS, or similar), including system hardening and performance tuning.
• Strong proficiency in at least one scripting language, such as Python, Bash, or Perl, for automation and integration.
• Proven experience with managing and integrating Hardware Security Modules (e.g., Thales, Entrust, nCipher).
• Hands-on experience with enterprise-grade PKI platforms (e.g., EJBCA, PrimeKey, Venafi, or Microsoft CA).
• Solid understanding of network protocols and security, including TCP/IP, TLS/SSL, and SSH.
• Experience supporting RMF, STIG implementation, and security compliance in regulated or classified environments, including participation in audits and accreditation processes.
• US citizenship and active DoD Secret clearance required.

Nice To Haves

• Professional certifications such as CISSP, RHCE, or specific PKI vendor certifications are highly desirable.
• Familiarity with DevOps practices and tools (e.g., Ansible, Puppet, Chef, Terraform).
• Experience with container technologies like Docker and Kubernetes.
• Experience managing PKI in a large, complex, and geographically distributed enterprise environment.
• Experience supporting PKI in large-scale, geographically distributed environments with high-availability and mission-critical requirements.

Responsibilities

• Lead the design and architecture of a scalable, resilient, and secure PKI infrastructure.
• Deploy, configure, and manage all aspects of the PKI environment, including Certificate Authorities (CAs), Registration Authorities (RAs), and Hardware Security Modules (HSMs).
• Develop and maintain automation scripts (using Python, Bash, or similar) to streamline certificate lifecycle management, including issuance, renewal, and revocation.
• Manage and maintain the underlying Linux-based systems hosting the PKI services, ensuring high availability and performance.
• Administer and maintain Hardware Security Modules (HSMs) to ensure the security of cryptographic keys.
• Develop, implement, and enforce PKI policies, standards, and procedures.
• Support RMF (Risk Management Framework) processes, ensuring PKI systems align with STIG requirements, security controls, and accreditation standards. Assist with auditing activities and provide artifacts/evidence for system authorization.
• Serve as the highest level of escalation for complex PKI-related issues.
• Work closely with application, network, and other infrastructure teams to integrate PKI and provide certificate management solutions.
• Provide guidance and mentorship to junior engineers and other team members.
• Keep abreast of the latest PKI technologies, standards, and security threats to continually improve our security posture.

Benefits

• competitive compensation
• Health and Wellness programs
• Income Protection
• Paid Leave
• Retirement