Senior PKI Engineer

General Dynamics Information Technology | Falls Church, VA
20h | $124,093 - $142,706 | Hybrid

About The Position

Position Summary: The Senior PKI Engineer is responsible for designing, implementing, securing, and maintaining enterprise Public Key Infrastructure (PKI) services that support mission-critical authentication, encryption, digital signature, and certificate lifecycle operations. This role requires a general understanding of PIV implementation in the government space.

Requirements

  • Cloud Integrations
  • Public Key Infrastructure (PKI) Operations
  • SSL Certificate Management
  • US Citizenship Required: Yes
  • Education: Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent experience.
  • Experience: 7+ years of hands-on experience in PKI engineering, certificate services, and cryptographic system management.
  • Deep expertise with:
      • Microsoft Active Directory Certificate Services (ADCS)
      • Various HSMs (Thales, SafeNet, AWS CloudHSM, etc.)
      • OCSP/CRL infrastructure
      • TLS/SSL, S/MIME, and device certificates
      • Smart card and PIV/CAC authentication systems
  • Strong understanding of:
      • NIST standards (e.g., SP 800-57, 800-131A, 800-63)
      • FIPS 140-2/3 compliance
      • Cryptography and key algorithms (X.509, ASN.1, RSA/ECC/PQC)
  • Proficiency in scripting/automation via PowerShell, Python, or Bash.
  • Background in solving vulnerability management challenges and addressing POA&M items.
  • Expertise in leading key ceremonies and managing cryptographic material securely.
  • Proficiency in networking, firewall rule implementations, and TLS/SSL troubleshooting.
  • In-depth knowledge of Windows environments, including certificate installation for CAPI and diverse applications/appliances.
  • Experience in SNMP monitoring, SIEM/syslog tools, and Docker troubleshooting.
  • Familiarity with VPN solutions (e.g., Cisco Secure Client) and NAC protocols like 802.1X.

Nice To Haves

  • Knowledge and experience with PQC migration and NIST PQC algorithm adoption.
  • Familiarity with identity and access management (IAM/IAG) platforms, IDMS, and federation systems.
  • Hands-on experience with cloud-native PKI solutions (e.g., Azure Key Vault, AWS ACM Private CA).
  • Relevant certifications, such as:
      • CISSP
      • CCSP
      • Security+
      • Microsoft security certifications
  • Experience in high-assurance or federal agency-regulated environments.

Responsibilities

  • Administer enterprise PKI systems, including Certificate Authorities (CAs), Online Certificate Status Protocol (OCSP) responders, Hardware Security Modules (HSMs), and certificate lifecycle service products.
  • Deep understanding and application of PKCS standards.
  • Implement PKI in hybrid or cloud-based environments such as Azure, AWS, and Google Cloud Platform (GCP).
  • Manage and configure Microsoft Active Directory Certificate Services (ADCS).
  • Support the automation of certificate issuance, renewal, monitoring, and compliance reporting processes.
  • Provide Tier III support for PKI, certificate-based authentication, TLS/SSL, smart cards, and identity management systems.
  • Troubleshoot issues such as certificate chain validation, revocation, OCSP/CRL failures, and integration challenges.
  • Ensure high availability, redundancy, and disaster recovery readiness for PKI services.
  • Support post-quantum cryptography (PQC) transitions and compliance with emerging NIST standards.
  • Integrate cost-efficient open-source cryptographic libraries and JRE/JDK solutions.
  • Support zero-trust architecture strategies and cloud migration efforts.
  • Explore and evaluate new technologies to enhance scalability, automation, and security.

Benefits

  • Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
  • To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
  • To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.
  • We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.