Job Requirements
DC
Top Secret/SCI Polygraph Unspecified
Career Level not specified
$180,000 - $205,000
Job Description
Senior PKI Engineer / SME
TS/SCI (active required)
Joint Base Anacostia-Bolling (JBAB)
$180K - $205K
What This Job Feels Like
• Work centers on designing and maintaining trust models that other systems depend
on, often with little margin for error.
• Problems are rarely straightforward-solutions must account for vendor
constraints, security requirements, and interoperability edge cases.
• Ownership of PKI architecture and implementation from policy design through
operational support.
• High OPTEMPO; requires precision, persistence, and disciplined follow-through.
•
What You'll Do
• Design and manage PKI architectures, including root/intermediate hierarchies,
chains of trust, and certificate lifecycle processes.
• Create and maintain segmented trust models (organizational partitions, crossdomain trust, constrained intermediates).
• Generate and support certificates for diverse use cases, including handling vendorspecific constraints and non-standard requirements (e.g., wildcard usage, SAN
configurations, custom extensions).
• Troubleshoot certificate validation issues across systems, applications, and
network boundaries.
• Collaborate with systems, network, and application teams to ensure certificates
function correctly within their environments.
• Define and enforce certificate policies, revocation strategies (CRL/OCSP), and
security controls.
• Mentor engineers on PKI fundamentals and correct implementation practices.
Tech Knowledge / Skills
• PKI fundamentals: X.509, certificate chains, trust stores, key management
• Microsoft CA, OpenSSL, and other PKI tooling
• TLS/SSL, mutual authentication, certificate-based access control
• CRL, OCSP, revocation and lifecycle management
• Integration points: web servers, load balancers, applications, network devices
Requirements
• 8+ years experience in PKI, security engineering, or related systems roles in
secure/cleared environments
• Active TS; must be able to obtain TS/SCI
• Professional certification required; expert-level capability preferred
• Demonstrated ability to design and troubleshoot PKI systems across multiple
platforms and vendors
• Experience with complex trust models and real-world certificate interoperability
challenges
• Location: On-site at Joint Base Anacostia-Bolling (JBAB)
TS/SCI (active required)
Joint Base Anacostia-Bolling (JBAB)
$180K - $205K
What This Job Feels Like
• Work centers on designing and maintaining trust models that other systems depend
on, often with little margin for error.
• Problems are rarely straightforward-solutions must account for vendor
constraints, security requirements, and interoperability edge cases.
• Ownership of PKI architecture and implementation from policy design through
operational support.
• High OPTEMPO; requires precision, persistence, and disciplined follow-through.
•
What You'll Do
• Design and manage PKI architectures, including root/intermediate hierarchies,
chains of trust, and certificate lifecycle processes.
• Create and maintain segmented trust models (organizational partitions, crossdomain trust, constrained intermediates).
• Generate and support certificates for diverse use cases, including handling vendorspecific constraints and non-standard requirements (e.g., wildcard usage, SAN
configurations, custom extensions).
• Troubleshoot certificate validation issues across systems, applications, and
network boundaries.
• Collaborate with systems, network, and application teams to ensure certificates
function correctly within their environments.
• Define and enforce certificate policies, revocation strategies (CRL/OCSP), and
security controls.
• Mentor engineers on PKI fundamentals and correct implementation practices.
Tech Knowledge / Skills
• PKI fundamentals: X.509, certificate chains, trust stores, key management
• Microsoft CA, OpenSSL, and other PKI tooling
• TLS/SSL, mutual authentication, certificate-based access control
• CRL, OCSP, revocation and lifecycle management
• Integration points: web servers, load balancers, applications, network devices
Requirements
• 8+ years experience in PKI, security engineering, or related systems roles in
secure/cleared environments
• Active TS; must be able to obtain TS/SCI
• Professional certification required; expert-level capability preferred
• Demonstrated ability to design and troubleshoot PKI systems across multiple
platforms and vendors
• Experience with complex trust models and real-world certificate interoperability
challenges
• Location: On-site at Joint Base Anacostia-Bolling (JBAB)
group id: 10290999
