Senior Systems Administrator (PKI)
About The Position
We are seeking an experienced Senior Systems Administrator – PKI to architect, implement, and manage enterprise Public Key Infrastructure (PKI) services. This role requires deep expertise in certificate services, cryptography, identity security, and enterprise trust models. The successful candidate will ensure the integrity, availability, and security of authentication and encryption services across the organization. Key Responsibilities PKI Architecture & Engineering Design, deploy, and maintain enterprise PKI environments (on‑premises, cloud, and hybrid). Define target‑state PKI architecture, trust models, and operating frameworks. Integrate PKI with enterprise applications, identity platforms, and security services. Certificate Authority & Lifecycle Management Administer Certificate Authorities (root, intermediate, issuing CAs). Manage certificate lifecycle processes: issuance, renewal, revocation, expiration, and CRL/OCSP operations. Implement certificate automation and enrollment services (e.g., SCEP, ACME, EST). Develop and execute key lifecycle management strategies (creation, distribution, rotation, renewal, revocation). Operations, Security & Compliance Ensure PKI systems meet security, compliance, and high‑availability requirements. Perform PKI backups, disaster recovery, and key escrow/recovery procedures. Monitor PKI infrastructure for vulnerabilities, misconfigurations, and emerging threats. Support audits, risk assessments, and compliance initiatives (NIST, FIPS, ISO, CIS). Serve as the senior escalation point for PKI‑related incidents and outages. Troubleshooting & Cross‑Team Collaboration Diagnose and resolve complex certificate, authentication, and encryption issues. Collaborate with security, identity, directory services, network, and application teams. Maintain comprehensive PKI documentation, standards, and operational procedures
Requirements
- Bachelor’s degree in IT, Cybersecurity, or related field (or equivalent experience).
- 8 years of total experience with at least 7 years of systems administration experience, including 4 years dedicated to PKI engineering/administration.
- 4 years of additional experience may be substituted in lieu of a degree.
- Strong understanding of cryptography, certificate trust chains, and enterprise PKI architectures.
- Hands‑on experience with Microsoft AD CS and/or enterprise PKI platforms (e.g., Venafi, Keyfactor, Entrust).
- Proficiency with automation and scripting (PowerShell required; Bash/Python preferred).
- DoD 8140 IAT Level II certification (e.g., Security+).
- Active TS/SCI clearance
Nice To Haves
- Advanced security or PKI certifications (CISSP, CISM, Microsoft, Venafi, etc.).
- Experience supporting Zero Trust architectures and identity‑centric security models.
- Familiarity with compliance frameworks (NIST 800‑53/63, FIPS 140‑2/3, ISO 27001, CIS Controls).
- Experience with HSMs, key vaults, or cloud‑native certificate services (AWS PCA, Azure Key Vault, GCP CAS).
Responsibilities
- PKI Architecture & Engineering Design, deploy, and maintain enterprise PKI environments (on‑premises, cloud, and hybrid).
- Define target‑state PKI architecture, trust models, and operating frameworks.
- Integrate PKI with enterprise applications, identity platforms, and security services.
- Administer Certificate Authorities (root, intermediate, issuing CAs).
- Manage certificate lifecycle processes: issuance, renewal, revocation, expiration, and CRL/OCSP operations.
- Implement certificate automation and enrollment services (e.g., SCEP, ACME, EST).
- Develop and execute key lifecycle management strategies (creation, distribution, rotation, renewal, revocation).
- Ensure PKI systems meet security, compliance, and high‑availability requirements.
- Perform PKI backups, disaster recovery, and key escrow/recovery procedures.
- Monitor PKI infrastructure for vulnerabilities, misconfigurations, and emerging threats.
- Support audits, risk assessments, and compliance initiatives (NIST, FIPS, ISO, CIS).
- Serve as the senior escalation point for PKI‑related incidents and outages.
- Diagnose and resolve complex certificate, authentication, and encryption issues.
- Collaborate with security, identity, directory services, network, and application teams.
- Maintain comprehensive PKI documentation, standards, and operational procedures
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
