Senior Certificate Engineer (PKI / Active Directory)

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, or related field (or equivalent experience)
• 7+ years of experience in Enterprise PKI engineering
• 7+ years of experience in Active Directory administration
• Strong experience with Active Directory Certificate Services (AD CS)
• Strong experience with Windows Server environments
• Strong experience with Public certificate authorities (DigiCert, Entrust, Sectigo, etc.)
• Proficiency in scripting and automation (PowerShell preferred)
• Deep understanding of X.509 certificates
• Deep understanding of TLS/SSL protocols
• Deep understanding of Cryptographic algorithms and standards

Responsibilities

• Design and maintain enterprise PKI solutions, including offline root CAs, issuing CAs, and certificate policies
• Lead PKI modernization efforts, including hybrid and cloud-integrated certificate services
• Architect solutions that support high availability, scalability, and security compliance
• Implement and manage Active Directory Certificate Services (AD CS)
• Configure and maintain Certificate templates, Group Policy-based auto-enrollment, CRL distribution points (CDPs) and AIA locations
• Integrate PKI with Active Directory, Azure AD, and hybrid identity environments
• Manage enterprise relationships and integrations with external/public CAs
• Oversee procurement, issuance, renewal, and revocation of public SSL/TLS certificates
• Integrate public CA services into automation workflows and enterprise platforms
• Manage certificate lifecycle processes including Issuance, Renewal, Revocation, and Expiration monitoring
• Implement automation using tools such as PowerShell, ACME / EST / SCEP protocols, and Certificate management platforms
• Ensure PKI solutions meet enterprise security policies and regulatory requirements (e.g., NIST, CIS, HIPAA, PCI)
• Conduct risk assessments related to certificate usage and cryptographic standards
• Maintain secure key management practices, including HSM integration where applicable
• Provide Tier 3 escalation support for PKI and certificate-related issues
• Troubleshoot Authentication failures (TLS, smart card, etc.), Certificate chain issues, and Revocation and CRL distribution problems
• Develop monitoring, alerting, and reporting for certificate health and usage
• Develop and maintain automation scripts and workflows for certificate deployment and management
• Integrate PKI processes with ServiceNow, Azure services, and DevOps pipelines
• Drive adoption of modern certificate management solutions and practices

Benefits

• work flexibility
• learning
• career development
• generous, flexible vacation policy
• educational assistance
• comprehensive leadership and technical development academies
• 401(k) employer match
• comprehensive health benefits