PKI Engineer / PKI Specialist

Job Description

Ob Summary We are looking for a skilled PKI Engineer to design, implement, and manage our Public Key Infrastructure systems. This role will be responsible for ensuring secure digital identity, encryption, and authentication mechanisms across the enterprise. The ideal candidate will have deep knowledge of certificate management, cryptographic standards, and experience with tools such as Microsoft ADCS, Venafi, DigiCert, or similar. Key Responsibilities Design, deploy, and maintain PKI infrastructure, including Certificate Authorities (CAs), Registration Authorities (RAs), and OCSP/CRL services. Manage digital certificates for users, devices, services, and applications, ensuring proper issuance, renewal, and revocation. Support SSL/TLS certificate lifecycle management, including integration with web servers, load balancers, and cloud services. Configure and maintain Microsoft ADCS (Active Directory Certificate Services) or third-party PKI solutions (e.g., Venafi, DigiCert, Keyfactor). Define and enforce certificate policies and practices (CP/CPS) and align with regulatory and internal compliance standards. Implement automated certificate management using scripts or tools to reduce risk and operational overhead. Troubleshoot PKI-related issues including certificate chain validation, enrollment errors, or CRL distribution problems. Provide subject matter expertise on cryptographic standards, such as X.509, RSA, ECC, SHA-2, and quantum-safe practices. Collaborate with cybersecurity, cloud, and infrastructure teams to ensure secure, scalable PKI deployments. Assist in audits, penetration testing, and risk assessments related to encryption and identity assurance. Required Qualifications Bachelor?s degree in computer science, Cybersecurity, or a related field; or equivalent work experience. 3+ years of experience in PKI design, administration, and support. Hands-on experience with Microsoft ADCS and/or enterprise PKI platforms (e.g., Venafi, DigiCert, Keyfactor, AppViewX). Deep understanding of certificate lifecycle, cryptographic algorithms, and standards (X.509, RSA, ECC, SHA, etc.). Familiarity with HSMs (Hardware Security Modules) and key management practices. Working knowledge of TLS/SSL, S/MIME, code signing, email encryption, and secure authentication protocols. Scripting skills in PowerShell, Python, or Bash for automation. Preferred Qualifications Professional certifications (e.g., GIAC GPEN, GCLD, CISSP, Microsoft Certified: Identity and Access Administrator Associate). Experience with DevOps/DevSecOps integration for certificate issuance in CI/CD pipelines. Knowledge of quantum-resistant cryptography and NIST PQC standards. Experience with cloud PKI integration (e.g., AWS ACM, Azure Key Vault, Google Cloud KMS).