Senior PKI Engineer

About The Position

Requirements

• Cloud Integrations
• Public Key Infrastructure (PKI) Operations
• SSL Certificate Management
• US Citizenship Required: Yes
• Education: Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent experience.
• Experience: 7+ years of hands-on experience in PKI engineering, certificate services, and cryptographic system management.
• Deep expertise with: Microsoft Active Directory Certificate Services (ADCS) Various HSMs (Thales, SafeNet, AWS CloudHSM, etc.) OCSP/CRL infrastructure TLS/SSL, S/MIME, and device certificates Smart card and PIV/CAC authentication systems
• Strong understanding of: NIST standards (e.g., SP 800-57, 800-131A, 800-63) FIPS 140-2/3 compliance Cryptography and key algorithms (X.509, ASN.1, RSA/ECC/PQC)
• Proficiency in scripting/automation via PowerShell, Python, or Bash.
• Background in solving vulnerability management challenges and addressing POA&M items.
• Expertise in leading key ceremonies and managing cryptographic material securely.
• Proficiency in networking, firewall rule implementations, and TLS/SSL troubleshooting.
• In-depth knowledge of Windows environments, including certificate installation for CAPI and diverse applications/appliances.
• Experience in SNMP monitoring, SIEM/syslog tools, and Docker troubleshooting.
• Familiarity with VPN solutions (e.g., Cisco Secure Client) and NAC protocols like 802.1X.

Nice To Haves

• Knowledge and experience with PQC migration and NIST PQC algorithm adoption.
• Familiarity with identity and access management (IAM/IAG) platforms, IDMS, and federation systems.
• Hands-on experience with cloud-native PKI solutions (e.g., Azure Key Vault, AWS ACM Private CA).
• Relevant certifications, such as: CISSP CCSP Security+ Microsoft security certifications
• Experience in high-assurance or federal agency-regulated environments.

Responsibilities

• Administer enterprise PKI systems, including Certificate Authorities (CAs), Online Certificate Status Protocol (OCSP) responders, Hardware Security Modules (HSMs), and certificate lifecycle service products.
• Deep understanding and application of PKCS standards.
• Implement PKI in hybrid or cloud-based environments such as Azure, AWS, and Google Cloud Platform (GCP).
• Manage and configure Microsoft Active Directory Certificate Services (ADCS).
• Support the automation of certificate issuance, renewal, monitoring, and compliance reporting processes.
• Provide Tier III support for PKI, certificate-based authentication, TLS/SSL, smart cards, and identity management systems.
• Troubleshoot issues such as certificate chain validation, revocation, OCSP/CRL failures, and integration challenges.
• Ensure high availability, redundancy, and disaster recovery readiness for PKI services.
• Support for post-quantum cryptography (PQC) transitions and compliance with emerging NIST standards.
• Integrate cost-efficient open-source cryptographic libraries and JRE/JDK solutions.
• Support zero-trust architecture strategies and cloud migration efforts.
• Explore and evaluate new technologies to enhance scalability, automation, and security.

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.
• We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.