SITEC - Senior PKI Architect - MacDill AFB

Peraton•MacDill AFB, FL

2d•Onsite

About The Position

Peraton requires a Senior Public Key Infrastructure (PKI) Architect to support the Special Operation Command Information Technology Enterprise Contract (SITEC) – 3.  This position is located at MacDill AFB. The purpose of the Special Operations Forces Information Technology Enterprise Contract(SITEC) 3 Enterprise Operations and Maintenance (EOM) Task Order (TO) is to provide USSOCOM, its Component Commands, its Theater Special Operations Commands (TSOCs),and its deployed forces with Operations and Maintenance (O&M) services to maintain Network Operations (NetOps); maintain systems and network infrastructure; provide end user and common device support; provide configuration, change, license, and asset management; conduct training, and perform Install, Move, Add, Change (IMACs) services. The responsibilities and tasks associated with each requirement play a pivotal role to USSOCOM, the CIO/J6 organization, and ultimately the end-user who operate around the globe 24x7x365. The Senior Public Key Infrastructure (PKI) Systems Architect is a pivotal and expert-level responsible for the design, management, and enhancement of global enterprise PKI services. This position provides Tier 3 systems support aligned with organizational operational orders and security best practices. The ideal candidate possesses deep expertise in government software and. hardware, advanced skills in system analysis, design, and troubleshooting, and the ability to innovate and implement cutting-edge technologies. This role involves mentoring junior staff and requires effective engagement with a variety of technical and non-technical stakeholders.

Requirements

Min 12 years with HS degree, 10 years with AS/AA degree, 8 years with BS/BA, 6 years with MS/MA, 3 years with PhD
DoD 8570 IAT II Certification
TS/SCI clearance is required
Minimum of 3 years of relevant IT experience, with a proven record of accomplishment in a senior or lead systems role.
Minimum of 3 years of experience with RedHat Linux PKI suite and Hypori platforms.
Significant experience managing production of Windows Servers and implementing enterprise-level security practices.
Strong background in the design, implementation, and management of Microsoft Windows domains and PKI Infrastructure.
Demonstrated proficiency in Microsoft Windows Server 2016/2019/2022/2024 and associated technologies.
Expertise in PKI, including certificate template configuration, issuance, revocation, and troubleshooting,
Proficiency with scripting languages, particularly PowerShell.
Advanced scripting skills in Bash for automating PKI tasks, such as certificate issuance, renewal, and system configuration.
Experience with Ansible or similar configuration management tools for managing and automating PKI and system configuration at scale.
Proficiency in Python for more complex scripting tasks and integration with other systems.
Generate and manage X.509 certificates and private keys for system services and their integration with certificate authorities
Install and troubleshoot third-party certificate software and integrate with certificate revocation software such as Axway

Nice To Haves

MCSE (Microsoft Certified Expert), OR Microsoft 365 Certified: Enterprise Administration Expert, OR Microsoft Certified Associate relevant to the work area.

Responsibilities

Lead the full lifecycle management of critical IT services, including planning, deployment, maintenance, and optimization of the entire PKI infrastructure.
Automate certificate provisioning, renewal, and revocation to reduce manual errors and expiration risk.
Operate and maintain the PKI Authority across multiple security domains and operating systems. This includes daily management of Certificate Authorities (CAs), Online Certificate Status Protocol (OCSP) Servers, Hardware Security Modules (HSMs), Network Device Enrollment Services (NDES), and Active Directory Certificate Services (ADCS).
Manage and maintain PKI components across diverse platforms, including RedHat Linux (RHEL), Windows Server (2016, 2019, 2022, 2024), and virtual environments like vSphere. Ensure consistent platform-level authentication across Windows and Linux systems.
Manage Red Hat-based CAs using tools like Dogtag PKI and oversee large-scale patching and configuration management with Red Hat Satellite and Ansible. Support containerized infrastructure using technologies such as Podman and manage X.509 certificates and private keys for RHEL system services.
Enforce security policies and implement best practices for certificate management, including administrative tasks related to certificate issuance and revocation.
Conduct regular vulnerability assessments and risk analyses on the PKI infrastructure.
Provide Tier 3 support to mission partners, diagnosing and resolving complex system outages and performance issues to ensure optimal service uptime and operational capabilities, troubleshoot issues related to certificate expiration and related system outages.
Ensure robust global smart card authentication and support advanced mobility platforms, including Hypori and MobileIron, to advance mission readiness.
Configure and maintain various PKI-related tools and software, such as ISC Cert Agent Servers and Axway/Tumbleweed Certificate Revocation Software. Install and troubleshoot third-party Common Access Card (CAC) software.
Use scripting languages like PowerShell, Bash, and Python to automate administrative tasks, optimize performance, and improve efficiency.
Integrate PKI solutions with other systems, including Active Directory, cloud services, and Mobile Device Management (MDM) solutions. Implement new technologies to advance PKI capabilities.
Provide training and mentorship to junior PKI Systems Administrators on standard configurations and PKI capabilities.
Participate in working groups, design reviews, and system testing.
Maintain strong technical writing skills to produce comprehensive documentation, including policies and operational procedures.