Senior PKI Engineer

Job Description
Everforth ECS is seeking a Senior Public Key Infrastructure (PKI) Engineer to work in our Fairfax, VA office in a hybrid onsite/remote capacity.

The Senior PKI Engineer will be responsible for the architecting, implementation, administration, automation, and maintenance of enterprise Public Key Infrastructure (PKI) systems and cryptographic services. This role supports secure authentication, encryption, digital signing, certificate lifecycle management, and enterprise trust services across complex environments.

The engineer will lead efforts to modernize and automate certificate management processes, reduce manual administration, and improve the scalability and security of PKI operations. Responsibilities include managing certificate authorities (CAs), automating certificate issuance and renewal workflows, integrating PKI services with enterprise platforms, and supporting compliance with cybersecurity standards and operational requirements.

Key Responsibilities

• Architect, deploy, configure, and maintain enterprise PKI environments and certificate authority infrastructure.
• Automate certificate lifecycle management processes including certificate issuance, renewal, revocation, rotation, and expiration monitoring.
• Develop and maintain automation scripts, APIs, and workflows for PKI and certificate management using tools such as PowerShell, Python, Ansible, Terraform, or similar technologies.
• Implement automated certificate enrollment and management solutions for servers, applications, network devices, containers, and cloud platforms.
• Administer internal and external certificate authorities (Microsoft CA, Entrust, DigiCert, EJBCA, or similar platforms).
• Implement and maintain TLS/SSL certificates across enterprise systems and environments.
• Troubleshoot PKI-related issues involving authentication, encryption, trust relationships, and certificate validation.
• Support identity and access management integrations using certificates, smart cards, and multifactor authentication technologies.
• Ensure PKI systems comply with organizational security policies and applicable standards such as NIST, FIPS, DISA STIGs, FedRAMP, or FISMA requirements.
• Collaborate with cybersecurity, DevSecOps, cloud, network, and systems engineering teams to integrate secure certificate management into enterprise platforms and CI/CD pipelines.
• Participate in incident response activities involving cryptographic systems, certificate compromise, or trust-related issues.
• Maintain technical documentation, architecture diagrams, standard operating procedures, and configuration baselines.
• Other duties, as assigned.

Required Skills

• U . S. Citizen. No Dual Citizens.
• Candidate requires a Secret Clearance to Interview. Final clearance required is TS.
• Minimum 12 years of experience with no degree.
• Active DoD 8140 IAT Level II Security+ (or higher) or ability to obtain within 90 days of hire.
• Ability to work in a hybrid capacity, with up to 3 business days per week onsite in Fairfax, VA.
• Experience with:
  • Administering enterprise PKI and certificate management environments.
  • Automating certificate management and infrastructure processes.
  • Microsoft Active Directory Certificate Services (AD CS) or comparable PKI platforms.
  • Developing automation using PowerShell, Python, Bash, REST APIs, or infrastructure-as-code tools.
  • Windows Server and/or Linux administration.
• Strong knowledge of:
  • TLS/SSL protocols.
  • Certificate authorities and registration authorities.
  • PKI architecture and trust models.
  • Cryptographic algorithms and key management.
  • Smart card and MFA technologies.
• Understanding of enterprise security architecture and cybersecurity best practices.
• Ability to troubleshoot authentication and certificate-related issues across enterprise systems.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Desired Skills

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field (or equivalent experience) with 8 years of experience.
• Experience with:
  • Supporting cloud-native certificate services in AWS, Azure, or Google Cloud.
  • Government, DoD, or regulated environments.
  • Jira and Confluence
• Knowledge of Zero Trust architectures and identity-based security models.
• Familiarity with DISA STIGs, NIST 800-series publications, FedRAMP, or FISMA compliance requirements.
• Relevant certifications such as:
  • CISSP
  • Security+
  • Microsoft Certified: Identity and Access Administrator
  • Certified Encryption Specialist (ECES)
  • GIAC certifications

#EverforthECS1

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams

• Fostering a culture that is engaging, accountable, and mission-driven

Meet the challenge. Make a difference with Everforth ECS!