PKI Systems Engineer

About The Position

Requirements

• Bachelor's degree in information technology, engineering, computer science, related field, or equivalent experience.
• 5+ years of experience in PKI, IT security, or related roles, with a strong focus on one or all of these certification authorities (EJBCA, Microsoft CA, Entrust).
• Deep understanding of cryptographic protocols and algorithms.
• Proficiency with either EJBCA, Entrust, or Microsoft Certificate Authority.
• Familiarity with industry standards such as X.509, PKCS, and others.
• Virtualization technologies - VMWare ESXI, vCenter, VMWare NSX.
• Working knowledge of external storage solutions, storage area networks (SANs), and Fiber Channel networks.
• Ability to troubleshoot and resolve network/application/operating system issues.
• Excellent MS-Windows Server administration & maintenance skills.
• US Citizenship and ability to obtain top secret clearance.

Nice To Haves

• Proficiency in enabling self-service workflow, orchestration, and compliance control.
• Scripting Skills (PowerShell, Bash &/or Python): Proficiency in scripting with Bash and/or Python.
• Experience with one or more Credential Management Systems (CMS) with experience integrating with all facets of certificate lifecycle.
• Experience with monitoring tools and technologies.
• Demonstrated experience in automating IT processes.
• Knowledge of Splunk for log management and analysis.
• Experience supporting/securing cloud-based services and implementing AWS and Azure cryptography, encryption and key management best practices and policies.

Responsibilities

• Perform all aspects of systems design and PKI engineering in support of various PKI systems deployed at the Department of State.
• Manage and maintain enclaved server hardware, storage, switches, server operating systems, and Hardware Security Modules (HSMs).
• Provide in-depth subject matter expertise for engineering support related to Public Key Infrastructure (PKI) systems, especially in a government setting.
• Maintain existing PKI systems - patch existing systems, deploy new components based on customer demand.
• Assist in evaluating and deploying solutions to support modern authentication (i.e SAML based authentication, FIDO2, PIV Derived Credential, etc.).
• Assist in designing and deploying solutions in support of migrating to a Zero Trust Architecture environment.
• Perform problem analysis following any service issues to prevent recurrence.
• Identify security risks to customer systems and suggest mitigations.
• Design, build, and manage PKI enclaves conforming to the policies and standards of the Department of State, HSPD-12, FBCA, NIST, and other policies and standards as required.
• Identify security architectures and implementation gaps, vulnerabilities, and risks; develop, test, and implement solutions to address the gaps, and new or updated requirements.
• Develop test cases for software/hardware testing and develop test evaluation reports for stakeholders.
• Develop and update systems documentation (e.g., ConOps, Operating procedures, systems architecture documents).
• Ensure the NIST 800-53 Rev. 4 security controls, where applicable, are in place and validated on all PKI systems.
• Contribute to the technical direction on all areas of PKI architecture, strategies, and automation and enforce governance and standards.

Benefits

• Flexible work options based on customer request.
• Ongoing application acceptance with no deadline.