PKI Lead Engineer

Job Details

PKI Lead Engineer

Full Telework

US Citizenship Required

We are looking for an experienced candidate to lead the design and operation of mission-critical PKI services that power secure authentication, encryption, and access across a federal environment.

The PKI Lead Engineer serves as the senior technical authority for the design, implementation, and sustainment of enterprise Public Key Infrastructure services that enable secure authentication, encryption, and digital signatures across the client's IT environment. This role leads the lifecycle management of digital certificates and cryptographic keys, ensuring resilient, compliant, and well-governed PKI capabilities that protect sensitive information and support mission critical access control.

Key Responsibilities

• Lead the design, implementation, and ongoing operations of enterprise PKI infrastructures, including root and subordinate certificate authorities, registration authorities, and associated hardware and software components.

• Manage the full lifecycle of digital certificates and cryptographic keys for users, devices, applications, and services, including issuance, renewal, suspension, and revocation with strong controls and automation.

• Develop, document, and enforce PKI policies, certification practice statements, standards, and procedures aligned to enterprise security and regulatory requirements.

• Integrate PKI services with identity and access management platforms, directory services, network security controls, and secure application architectures to enable strong authentication and encryption.

• Monitor, audit, and assess PKI infrastructure health and compliance, performing regular reviews, root cause analyses, and remediation activities to maintain high availability and integrity.

• Lead the evaluation, selection, and implementation of PKI related tools, including certificate discovery, management, and automation solutions, and recommend improvements to strengthen cryptographic services.

• Collaborate with security operations and application teams to analyze and respond to PKI related incidents, vulnerabilities, and findings, including support for penetration testing and secure code initiatives.

• Provide expert guidance, training, and mentoring to engineers and developers on PKI usage, certificate management best practices, and secure cryptographic design patterns in enterprise environments.

Required Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or related technical discipline, or equivalent relevant experience.

• Minimum of 8 years of experience in cybersecurity, security engineering, or network security roles, including significant hands-on exposure to PKI or cryptographic services.

• Demonstrated experience designing, implementing, and operating enterprise PKI solutions, including certificate authorities, key management, and certificate lifecycle workflows.

• Strong knowledge of authentication, authorization, and encryption concepts, including TLS, digital signatures, certificate based access control, and related standards (for example, X.509, OCSP, CRL).

• Ability to obtain and maintain a Public Trust investigation, with US citizenship required in support of federal client requirements.

• Proficiency with Unix/Linux or similar operating systems and enterprise infrastructure environments used to host PKI and security services.

Preferred Qualifications

• Advanced cybersecurity certifications such as CISSP, CISM, CISA, or CRISC demonstrating broad security architecture and governance expertise.

• Experience integrating PKI with identity and access management platforms, federated identity standards (for example, SAML), and role based access control models in large enterprises.

• Background supporting PKI and cryptographic services in complex federal or regulated IT environments with rigorous compliance requirements.

• Handson experience with certificate discovery and management tools, hardware security modules, and automation frameworks for largescale certificate deployment.

• Familiarity with secure software development practices, application security testing, and remediation of cryptographic vulnerabilities across web and service architectures.

• Prior experience leading small technical teams or serving as a subject matter expert for enterprise security initiatives.

Job-Specific Skills

• Enterprise PKI Architecture -- Designs and documents scalable PKI architectures, including root hierarchy, trust models, and integration patterns with enterprise systems.

• Certificate Lifecycle Management -- Establishes and operates repeatable processes and automation for issuing, renewing, and revoking certificates for diverse identities and workloads.

• Cryptographic Standards Expertise -- Applies industry cryptographic standards and algorithms to ensure strong encryption, signing, and key management practices in enterprise solutions.

• Policy and Governance Development -- Authors and maintains PKI policies, standards, and certification practice statements, aligning them with organizational risk and compliance needs.

• Security Integration Engineering -- Integrates PKI with identity, access management, network devices, and applications to enable secure, certificate based controls.

• PKI Monitoring and Audit -- Implements monitoring, logging, and audit processes that provide visibility into PKI operations and support internal and external assessments.

• Incident Response for PKI -- Leads investigation and remediation of PKI related incidents, including mis-issued certificates, key compromise, and cryptographic vulnerabilities.

• Automation and Tooling -- Leverages scripting, configuration management, and PKI toolsets to streamline certificate issuance, enrollment, and inventory management.

• Cross Functional Collaboration -- Works closely with security, infrastructure, application, and operations teams to align PKI capabilities with enterprise objectives and constraints.

• Technical Mentorship -- Coaches junior engineers and developers on PKI concepts, secure implementation patterns, and operational best practices to uplift team capability.

Preferred Skills

• Experience engineering PKI solutions in hybrid cloud and on premises environments, including integration with major cloud providers' identity and key management services.

• Advanced scripting or automation capability (for example, PowerShell, Python, or similar) used to integrate PKI workflows with enterprise tooling and CI/CD pipelines.

• Familiarity with certificate based network access control, VPN, and device authentication architectures in large, distributed environments.

• Experience conducting PKI focused security assessments, including configuration reviews, key protection evaluations, and readiness for external compliance audits.

#cjpost

Job Requirements:

Key Responsibilities

• Lead the design, implementation, and ongoing operations of enterprise PKI infrastructures, including root and subordinate certificate authorities, registration authorities, and associated hardware and software components.

• Manage the full lifecycle of digital certificates and cryptographic keys for users, devices, applications, and services, including issuance, renewal, suspension, and revocation with strong controls and automation.

• Develop, document, and enforce PKI policies, certification practice statements, standards, and procedures aligned to enterprise security and regulatory requirements.

• Integrate PKI services with identity and access management platforms, directory services, network security controls, and secure application architectures to enable strong authentication and encryption.

• Monitor, audit, and assess PKI infrastructure health and compliance, performing regular reviews, root cause analyses, and remediation activities to maintain high availability and integrity.

• Lead the evaluation, selection, and implementation of PKI related tools, including certificate discovery, management, and automation solutions, and recommend improvements to strengthen cryptographic services.

• Collaborate with security operations and application teams to analyze and respond to PKI related incidents, vulnerabilities, and findings, including support for penetration testing and secure code initiatives.

• Provide expert guidance, training, and mentoring to engineers and developers on PKI usage, certificate management best practices, and secure cryptographic design patterns in enterprise environments.

#cjpost