Job Requirements
Vienna, VA
Clearance Unspecified Polygraph not specified
Career Level not specified
Salary not specified
Job Description
PKI / TLS Certificate Engineer
REMOTE
Pay Rate: Open to Both C2C and W2 options
Position Type: Multiyear Contract
Certificate Management Engineering (CME) is seeking a DevOps-focused contractor to support Operations and Automation workstreams across enterprise certificate lifecycle management. This role will help design, build, and run automation that reduces manual certificate work, improves reliability, and strengthens security outcomes, covering X.509 certificate inventory/renewal automation, notification and escalation workflows, and integrations with operational ticketing processes.
The contractor will also support modernization initiatives that expand CME capabilities into Kubernetes certificate automation and code/container signing, including integration patterns and tooling used to manage certificates and machine identities in cloud/Kubernetes environments.
Key Responsibilities:
Operations Enablement (Reliability)
• Support day-to-day operational execution for certificate lifecycle work (issuance, renewal, replacement, decommission) with a strong focus on reducing manual handling and preventing certificate-expiration risk.
• Enhance operational workflows that include scripted Outlook notification/escalation logic and operational integrations (e.g., ticket/task creation).
• Partner with engineering and operations stakeholders to standardize repeatable procedures and ensure traceability of changes.
Automation Engineering (Build and Scale)
• Develop and maintain automation that expands certificate coverage and reduces manual renewal effort, building on existing code-based automations and monitoring/notification patterns.
• Implement or improve automation around certificate deployment patterns in modern platforms, including Kubernetes environments using components such as TLS for Kubernetes (TLSPK) and cert-manager.
• Contribute to automation patterns for code/container signing processes and pipelines, helping establish consistent standards and repeatable workflows.
Platform & Tooling Support
• Support and enhance automations and operational improvements for CyberArk (formerly Venafi) Certificate Manager within CME's ecosystem.
• Assist in enabling cloud/Kubernetes certificate management approaches that leverage machine identity management tooling referenced by the team (e.g., Workload Identity Manager / Venafi Firefly references in CME materials).
Must-Have Qualifications (Required)
• Certificates / X.509 lifecycle management experience (request/issue/renew/replace/decommission, inventory/monitoring, risk reduction).
• PKI fundamentals (CAs, chains, key usage, SANs, revocation, policy constraints; ability to troubleshoot certificate path and deployment issues).
• PowerShell (advanced scripting for automation, error handling, logging, packaging, scheduling, and secure credential handling).
• DevOps/automation mindset with production support experience (building reliable runbooks, monitoring/alerting hooks, and operational handoffs).
• Ability to work cross-functionally with security, infrastructure, and platform teams to deliver automation that is operationally supportable.
Nice-to-Have Skills (Preferred)
• Venafi Trust Protection Platform / CyberArk Certificate Manager - Self Hosted
• CyberArk Certificate Manager - Kubernetes
• CyberArk Code Sign Manager
• Kubernetes cert-manager
• SPIFFE / SPIRE
• ServiceNow
• Python
• Ansible
• Golang
• Bash
• vcert
Deliverables & Success Measures
• Operational reduction of manual certificate tasks via automation improvements and measurable decreases in human touchpoints (especially renewal and deployment workflows).
• Improved notification/escalation effectiveness and reduced surprise expirations via scripted communication and integrated tasking.
• Working automation patterns for Kubernetes certificate management using components like cert-manager and related Kubernetes TLS enablement approaches referenced by CME.
• Supportable automation artifacts: source-controlled scripts, documentation/runbooks, and operational readiness for change-management expectations.
Working Relationships
• Works closely with CME engineering leadership and peer engineers supporting certificate automation, Kubernetes enablement, and signing initiatives.
• Coordinates with platform and change stakeholders to ensure automation is production-ready and appropriately documented.
group id: COMPHLP