PKI Engineer, Mid

ASM Research

About The Position

The PKI Engineer, Mid designs, implements, and maintains enterprise public key infrastructure services that underpin secure authentication, encryption, and digital signatures for mission-critical systems. The role owns certificate lifecycle management processes, ensuring robust issuance, renewal, revocation, and automation patterns for user, device, application, and service identities. Working in a federal IT environment, this position integrates PKI capabilities with identity platforms, network security controls, applications, and cloud services, resolving complex certificate and trust issues across heterogeneous environments. The engineer develops and enforces PKI policies, technical standards, and operational procedures, collaborating with security stakeholders to ensure resilience, compliance, and audit-ready operation of the PKI.

Requirements

  • Bachelor’s degree in IT, Computer Science, Cybersecurity, or a related field, or equivalent relevant experience.
  • 4–7 years of experience in security engineering or infrastructure roles with primary responsibility for architecting and operating PKI and certificate management solutions.
  • Deep understanding of PKI architectures, including CA hierarchies, trust models, OCSP/CRL mechanisms, and certificate lifecycle controls.
  • Strong familiarity with cryptographic standards and protocols such as TLS, S/MIME, and code signing, and their secure configuration in enterprise environments.
  • Hands-on experience with enterprise PKI platforms and associated tooling, including integration with identity and network security services.
  • Strong analytical, problem-solving, and communication skills, with the ability to document designs, policies, and operational procedures clearly.
  • Ability to obtain and maintain a SECRET security clearance, with U.S. citizenship required.

Nice To Haves

  • Experience designing and operating enterprise-grade PKI in regulated or government environments, including integration with hardware security modules and security monitoring tools.
  • Advanced security or PKI-focused certifications (for example, CISSP or PKI-specific credentials) that validate expertise in cryptography and certificate management.
  • Experience contributing to broader security architectures, policies, and best practices that rely on PKI.

Responsibilities

  • Architect, deploy, and operate PKI infrastructures, including certificate authorities, registration authorities, and OCSP/CRL services across on-premises and cloud environments.
  • Design and manage scalable certificate lifecycle processes (enrollment, distribution, renewal, revocation, and automation) for large fleets of endpoints, applications, and services.
  • Integrate PKI with enterprise systems such as identity platforms, VPN and Wi-Fi authentication, TLS termination, secure email, and code signing, resolving complex interoperability and trust issues.
  • Implement and administer PKI platforms and tooling (for example, AD CS, commercial or cloud PKI, HSM-backed key stores, or machine identity management solutions) with appropriate backup, monitoring, and high availability.
  • Define and maintain certificate policies, certification practice statements, and PKI runbooks that align with organizational and regulatory security requirements.
  • Lead troubleshooting of PKI and certificate-related incidents, including chain and trust failures, protocol misconfigurations, and key management issues, and drive durable remediation.
  • Provide expert guidance to security, infrastructure, and application teams on cryptographic standards, key management, and secure PKI usage patterns.