Job Requirements
Joint Base Anacostia Bolling, DC
Top Secret Polygraph not specified
Senior Level Career (10+ yrs experience)
Salary not specified
Join Premium to unlock estimated salaries 
Job Description
Senior PKI Engineer / SME
• Location: On-site at Joint Base Anacostia-Bolling (JBAB)
• Clearance: Active TS
• Benefits: Medical, Dental, Vision, Retirement and more
What This Job Feels Like
• Work centers on designing and maintaining trust models that other systems depend on, often with little margin for error.
• Problems are rarely straightforward—solutions must account for vendor constraints, security requirements, and interoperability edge cases.
• Ownership of PKI architecture and implementation from policy design through operational support.
• High OPTEMPO; requires precision, persistence, and disciplined follow-through.
What You’ll Do
• Design and manage PKI architectures, including root/intermediate hierarchies, chains of trust, and certificate lifecycle processes.
• Create and maintain segmented trust models (organizational partitions, cross-domain trust, constrained intermediates).
• Generate and support certificates for diverse use cases, including handling vendor-specific constraints and non-standard requirements (e.g., wildcard usage, SAN configurations, custom extensions).
• Troubleshoot certificate validation issues across systems, applications, and network boundaries.
• Collaborate with systems, network, and application teams to ensure certificates function correctly within their environments.
• Define and enforce certificate policies, revocation strategies (CRL/OCSP), and security controls.
• Mentor engineers on PKI fundamentals and correct implementation practices.
Tech Knowledge / Skills
• PKI fundamentals: X.509, certificate chains, trust stores, key management
• Microsoft CA, OpenSSL, and other PKI tooling
• TLS/SSL, mutual authentication, certificate-based access control
• CRL, OCSP, revocation and lifecycle management
• Integration points: web servers, load balancers, applications, network devices
Requirements
• 8+ years experience in PKI, security engineering, or related systems roles in secure/cleared environments
• Active TS; must be able to obtain TS/SCI
• Professional certification required; expert-level capability preferred
• Demonstrated ability to design and troubleshoot PKI systems across multiple platforms and vendors
• Experience with complex trust models and real-world certificate interoperability challenges
• Location: On-site at Joint Base Anacostia-Bolling (JBAB)
• Clearance: Active TS
• Benefits: Medical, Dental, Vision, Retirement and more
What This Job Feels Like
• Work centers on designing and maintaining trust models that other systems depend on, often with little margin for error.
• Problems are rarely straightforward—solutions must account for vendor constraints, security requirements, and interoperability edge cases.
• Ownership of PKI architecture and implementation from policy design through operational support.
• High OPTEMPO; requires precision, persistence, and disciplined follow-through.
What You’ll Do
• Design and manage PKI architectures, including root/intermediate hierarchies, chains of trust, and certificate lifecycle processes.
• Create and maintain segmented trust models (organizational partitions, cross-domain trust, constrained intermediates).
• Generate and support certificates for diverse use cases, including handling vendor-specific constraints and non-standard requirements (e.g., wildcard usage, SAN configurations, custom extensions).
• Troubleshoot certificate validation issues across systems, applications, and network boundaries.
• Collaborate with systems, network, and application teams to ensure certificates function correctly within their environments.
• Define and enforce certificate policies, revocation strategies (CRL/OCSP), and security controls.
• Mentor engineers on PKI fundamentals and correct implementation practices.
Tech Knowledge / Skills
• PKI fundamentals: X.509, certificate chains, trust stores, key management
• Microsoft CA, OpenSSL, and other PKI tooling
• TLS/SSL, mutual authentication, certificate-based access control
• CRL, OCSP, revocation and lifecycle management
• Integration points: web servers, load balancers, applications, network devices
Requirements
• 8+ years experience in PKI, security engineering, or related systems roles in secure/cleared environments
• Active TS; must be able to obtain TS/SCI
• Professional certification required; expert-level capability preferred
• Demonstrated ability to design and troubleshoot PKI systems across multiple platforms and vendors
• Experience with complex trust models and real-world certificate interoperability challenges
group id: 91101547