Posted today
Top Secret/SCI
Unspecified
CI Polygraph
IT - Support
Reston, VA (On-Site/Office)•Colorado Springs, CO (On-Site/Office)
Public Key Infrastructure (PKI) Engineer – IAM / Zero Trust
Program Description:
This role supports a federal Identity and Access Management (IAM) program as a Public Key Infrastructure (PKI) Engineer, focused on designing, deploying, and maintaining enterprise certificate services that underpin authentication, device trust, and Zero Trust architectures.
You will work closely with IAM engineers, system administrators, and security stakeholders to analyze identity lifecycles, define certificate usage and policy, and ensure credentials are issued, managed, and revoked securely. This role blends PKI engineering, Active Directory Certificate Services (AD CS), and automation, with an emphasis on secure, scalable identity solutions in a high-assurance environment.
Day to Day Responsibilities:
Design, implement, and operate enterprise PKI architectures supporting IAM and Zero Trust
Deploy, configure, and manage Certificate Authorities (CAs), including AD CS environments
Define and maintain certificate policies, templates, and trust chains
Manage certificate lifecycle processes, including issuance, renewal, revocation, and automation
Implement security best practices for key management, certificate storage, and access control
Integrate PKI services with IAM systems such as SSO, MFA, privileged access, and device identity platforms
Support automation and enrollment processes using ACME, SCEP, and related protocols
Troubleshoot PKI, certificate, and trust issues across Windows, Linux, and enterprise systems
Collaborate with stakeholders to align PKI solutions with mission and security requirements
Support compliance with government security standards and Zero Trust principles
Required Skills:
3+ years of experience supporting Public Key Infrastructure (PKI) in cybersecurity environments
??Hands-on experience with Active Directory Certificate Services (AD CS)
Experience designing and operating Certificate Authorities, including trust models and hierarchy
Experience managing certificate lifecycle automation and renewal processes
Strong understanding of certificate policies, templates, and X.509 certificate contents
Knowledge of Linux systems and asymmetric cryptography concepts and applications
Experience implementing and maintaining security best practices in PKI environments
Program Description:
This role supports a federal Identity and Access Management (IAM) program as a Public Key Infrastructure (PKI) Engineer, focused on designing, deploying, and maintaining enterprise certificate services that underpin authentication, device trust, and Zero Trust architectures.
You will work closely with IAM engineers, system administrators, and security stakeholders to analyze identity lifecycles, define certificate usage and policy, and ensure credentials are issued, managed, and revoked securely. This role blends PKI engineering, Active Directory Certificate Services (AD CS), and automation, with an emphasis on secure, scalable identity solutions in a high-assurance environment.
Day to Day Responsibilities:
Design, implement, and operate enterprise PKI architectures supporting IAM and Zero Trust
Deploy, configure, and manage Certificate Authorities (CAs), including AD CS environments
Define and maintain certificate policies, templates, and trust chains
Manage certificate lifecycle processes, including issuance, renewal, revocation, and automation
Implement security best practices for key management, certificate storage, and access control
Integrate PKI services with IAM systems such as SSO, MFA, privileged access, and device identity platforms
Support automation and enrollment processes using ACME, SCEP, and related protocols
Troubleshoot PKI, certificate, and trust issues across Windows, Linux, and enterprise systems
Collaborate with stakeholders to align PKI solutions with mission and security requirements
Support compliance with government security standards and Zero Trust principles
Required Skills:
3+ years of experience supporting Public Key Infrastructure (PKI) in cybersecurity environments
??Hands-on experience with Active Directory Certificate Services (AD CS)
Experience designing and operating Certificate Authorities, including trust models and hierarchy
Experience managing certificate lifecycle automation and renewal processes
Strong understanding of certificate policies, templates, and X.509 certificate contents
Knowledge of Linux systems and asymmetric cryptography concepts and applications
Experience implementing and maintaining security best practices in PKI environments
group id: 10313966
