Senior PKI / Certificate Management Engineer [REMOTE]

BAE Systems
9d | $115,779 - $196,825 | Remote

About The Position

BAE Systems, Inc. is seeking a Senior PKI / Certificate Management Engineer to join our Identity Services organization, supporting the Directory Services, Certificate Management, and Privileged Access Management (DCP) team. This strategic role focuses on defining and implementing enterprise-wide standards and best practices for enterprise PKI while collaborating across various departments and IT functions. As a PKI Engineer, you will be responsible for the governance, engineering, and maintenance of our PKI environment. You’ll lead initiatives around identity modernization, enforce security and compliance standards, and work closely with stakeholders to implement access controls and authentication mechanisms. This is a high-impact, cross-functional role for someone with deep technical expertise and strong communication skills. The ideal candidate has deep hands-on experience with Microsoft PKI, strong Active Directory fundamentals, and a background in automating certificate lifecycle management in highly regulated environments.

Requirements

  • 5+ years of hands-on experience supporting Microsoft ADCS / PKI
  • Strong Active Directory administration experience (GPOs, permissions, service accounts)
  • Experience managing OCSP responders and CRLs
  • Hands-on experience with Hardware Security Modules (HSMs)
  • Experience with certificate lifecycle management
  • Strong written and verbal communication skills; capable of working with cross-functional teams.
  • Bachelor's degree in CS, IT or an Engineering discipline

Nice To Haves

  • PowerShell scripting experience for automation and operational efficiency
  • Experience with implementing monitoring, alerting, and reporting using Splunk
  • Visio experience for architecture and process documentation
  • Experience operating in regulated or compliance-driven environments
  • Experience with Venafi Trust Protection Platform / CyberArk Certificate Manager
  • Experience with Intercede MyID or other smart card CMS platforms
  • External/public certificate management (Sectigo, DigiCert, GoDaddy)
  • GoDaddy domain registration and DNS fundamentals
  • Experience using ServiceNow for incident/change/request workflows
  • Familiarity with CMMC, NIST, or similar compliance frameworks
  • Experience supporting Windows Hello for Business, smart card logon, or certificate-based authentication
  • Experience with Azure Key Vault
  • Experience modernizing or automating legacy PKI environments
  • Proficiency in utilizing tools such as Certutil and/or OpenSSL to create, analyze, and manage digital certificates, Certificate Revocation Lists (CRLs), and Online Certificate Status Protocol (OCSP) responses, including configuration and management of distribution points.
  • Interfacing with internally hosted Certificate Authorities and upgrading and deploying PKI to all environments
  • CompTIA Security+ or CISSP
  • Master's degree in CS, IT or an Engineering discipline

Responsibilities

  • Design, implement, and support Active Directory Certificate Services (ADCS), including root and issuing Certificate Authorities (CAs)
  • Manage and maintain PKI infrastructure, including:
      • Certificate Authorities (CAs)
      • Online Responders (OCSP)
      • CRL distribution points
  • Support external/public certificates (e.g., Sectigo, DigiCert, GoDaddy)
  • Administer and integrate Hardware Security Modules (HSMs) for private key protection
  • Ensure cryptographic standards and key management practices align with compliance requirements
  • Leverage strong Active Directory expertise to support PKI operations:
      • Certificate templates
      • Group Policy
      • Auto-enrollment
      • Service accounts and permissions
  • Troubleshoot complex identity and authentication issues related to certificates and smart cards
  • Administer and enhance Venafi Trust Protection Platform / CyberArk Certificate Manager
  • Support certificate discovery, policy enforcement, and automation
  • Integrate certificate management platforms with enterprise tooling
  • Support smart card infrastructure and credential issuance
  • Administer Intercede MyID Credential Management System (CMS)
  • Participate in incident response, root cause analysis, and continuous improvement efforts
  • Ensure PKI operations align with CMMC, NIST (800-53, 800-171), and other regulatory frameworks
  • Support audits and compliance reviews related to cryptographic services

Benefits

  • health, dental, and vision insurance
  • health savings accounts
  • a 401(k) savings plan
  • disability coverage
  • life and accident insurance
  • an employee assistance program
  • a legal plan
  • discounts on things like home, auto, and pet insurance
  • paid time off
  • paid holidays
  • paid parental, military, bereavement, and any applicable federal and state sick leave
  • Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 5,001-10,000 employees
