Senior PKI Engineer

About The Position

Requirements

• U.S. Citizen. No Dual Citizens.
• Candidate requires a Secret Clearance to Interview. Final clearance required is TS.
• Minimum 12 years of experience with no degree.
• Active DoD 8140 IAT Level II Security+ (or higher) or ability to obtain within 90 days of hire.
• Ability to work in a hybrid capacity, with up to 3 business days per week onsite in Fairfax, VA.
• Experience with: Administering enterprise PKI and certificate management environments.
• Experience with: Automating certificate management and infrastructure processes.
• Experience with: Microsoft Active Directory Certificate Services (AD CS) or comparable PKI platforms.
• Experience with: Developing automation using PowerShell, Python, Bash, REST APIs, or infrastructure-as-code tools.
• Experience with: Windows Server and/or Linux administration.
• Strong knowledge of: TLS/SSL protocols.
• Strong knowledge of: Certificate authorities and registration authorities.
• Strong knowledge of: PKI architecture and trust models.
• Strong knowledge of: Cryptographic algorithms and key management.
• Strong knowledge of: Smart card and MFA technologies.
• Understanding of enterprise security architecture and cybersecurity best practices.
• Ability to troubleshoot authentication and certificate-related issues across enterprise systems.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Responsibilities

• Architect, deploy, configure, and maintain enterprise PKI environments and certificate authority infrastructure.
• Automate certificate lifecycle management processes including certificate issuance, renewal, revocation, rotation, and expiration monitoring.
• Develop and maintain automation scripts, APIs, and workflows for PKI and certificate management using tools such as PowerShell, Python, Ansible, Terraform, or similar technologies.
• Implement automated certificate enrollment and management solutions for servers, applications, network devices, containers, and cloud platforms.
• Administer internal and external certificate authorities (Microsoft CA, Entrust, DigiCert, EJBCA, or similar platforms).
• Implement and maintain TLS/SSL certificates across enterprise systems and environments.
• Troubleshoot PKI-related issues involving authentication, encryption, trust relationships, and certificate validation.
• Support identity and access management integrations using certificates, smart cards, and multifactor authentication technologies.
• Ensure PKI systems comply with organizational security policies and applicable standards such as NIST, FIPS, DISA STIGs, FedRAMP, or FISMA requirements.
• Collaborate with cybersecurity, DevSecOps, cloud, network, and systems engineering teams to integrate secure certificate management into enterprise platforms and CI/CD pipelines.
• Participate in incident response activities involving cryptographic systems, certificate compromise, or trust-related issues.
• Maintain technical documentation, architecture diagrams, standard operating procedures, and configuration baselines.
• Other duties, as assigned.