Job Requirements
Remote
Public Trust Polygraph not specified
Mid Level Career (5+ yrs experience)
$110,000 - $150,000
Job Description
The CTG Experience
At Capital Technology Group (CTG), our teams are passionate about modernizing how the federal government delivers software. We partner with federal agencies to build secure, scalable, and mission-driven solutions that make a meaningful impact on millions of people. Recognized as a 2025 Top Workplace by The Washington Post, CTG fosters a culture rooted in our core values. Our values guide how we work together and support one another, creating an environment where employees feel trusted, empowered, and encouraged to grow both personally and professionally.
About the Role
CTG is seeking a PKI Architect to design, implement, and modernize enterprise Public Key Infrastructure (PKI) and identity trust services supporting mission-critical federal systems. This role is ideal for a senior technical architect with deep expertise in cryptographic systems, identity security, and scalable infrastructure design across complex, highly secure environments.
You Will Get To
Design, implement, and evolve PKI architectures that enable secure authentication and Zero Trust initiatives
Build and support cloud-native solutions across AWS and Azure environments.
Automate infrastructure, deployments, and operational processes using Ansible and CI/CD pipelines.
Partner with security and engineering teams to implement DevSecOps practices and secure software delivery.
Support compliance initiatives aligned with FIPS, NIST 800-53, FISMA, and Zero Trust Architecture principles.
Monitor, troubleshoot, and optimize application and platform performance using security and observability tools.
Who You Are
A collaborative engineer who enjoys solving complex technical and security challenges.
Passionate about building scalable, secure, and reliable cloud-based solutions.
Comfortable working across application development, cloud infrastructure, identity, and security domains.
Skilled at balancing technical innovation with operational excellence and compliance requirements.
An effective communicator who can work with cross-functional teams and stakeholders.
Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, Mathematics, or a related technical field (or equivalent experience)
4+ years of professional experience in PKI architecting, cybersecurity engineering, identity and access management (IAM), infrastructure/security architecture, or enterprise platform engineering (not limited to application development)
Experience designing and supporting PKI solutions in FICAM and Federal PKI (FPKI) environments.
Experience with X.509 certificate lifecycle management, automation, and policy development.
Knowledge of X.509 certificate policies and CA/Browser Forum standards.
Experience implementing certificate automation using ACME.
Experience with Hardware Security Modules (HSMs) and cryptographic key management.
Familiarity with Post-Quantum Cryptography (PQC) concepts and migration strategies.
Experience with PKI platforms including DigiCert, Entrust, Microsoft AD CS, and Let's Encrypt.
Experience supporting CAC/PIV smart cards, server, code-signing, and S/MIME certificates, including certificate trust chains and validation.
Experience with cloud platforms such as AWS and/or Azure.
Familiarity with DevSecOps practices, CI/CD pipelines, and source control platforms such as GitHub Enterprise.
Understanding of security frameworks and standards including NIST, FISMA, FIPS, and Zero Trust principles.
Nice to Have
Experience using Docker and Kubernetes.
Experience with Shibboleth, CyberArk, or HashiCorp Vault.
Experience with Splunk, Tenable, Checkmarx, SonarQube, or related security tooling.
Experience with STIG hardening, vulnerability management, or compliance programs.
Familiarity with PIV authentication and identity governance solutions.
Experience supporting highly regulated environments, including federal or public sector organizations.
Relevant cloud, security, or architecture certifications.
Client Requirements
Applicants must be U.S. Citizens
Ability to obtain a Public Trust clearance
At Capital Technology Group (CTG), our teams are passionate about modernizing how the federal government delivers software. We partner with federal agencies to build secure, scalable, and mission-driven solutions that make a meaningful impact on millions of people. Recognized as a 2025 Top Workplace by The Washington Post, CTG fosters a culture rooted in our core values. Our values guide how we work together and support one another, creating an environment where employees feel trusted, empowered, and encouraged to grow both personally and professionally.
About the Role
CTG is seeking a PKI Architect to design, implement, and modernize enterprise Public Key Infrastructure (PKI) and identity trust services supporting mission-critical federal systems. This role is ideal for a senior technical architect with deep expertise in cryptographic systems, identity security, and scalable infrastructure design across complex, highly secure environments.
You Will Get To
Design, implement, and evolve PKI architectures that enable secure authentication and Zero Trust initiatives
Build and support cloud-native solutions across AWS and Azure environments.
Automate infrastructure, deployments, and operational processes using Ansible and CI/CD pipelines.
Partner with security and engineering teams to implement DevSecOps practices and secure software delivery.
Support compliance initiatives aligned with FIPS, NIST 800-53, FISMA, and Zero Trust Architecture principles.
Monitor, troubleshoot, and optimize application and platform performance using security and observability tools.
Who You Are
A collaborative engineer who enjoys solving complex technical and security challenges.
Passionate about building scalable, secure, and reliable cloud-based solutions.
Comfortable working across application development, cloud infrastructure, identity, and security domains.
Skilled at balancing technical innovation with operational excellence and compliance requirements.
An effective communicator who can work with cross-functional teams and stakeholders.
Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, Mathematics, or a related technical field (or equivalent experience)
4+ years of professional experience in PKI architecting, cybersecurity engineering, identity and access management (IAM), infrastructure/security architecture, or enterprise platform engineering (not limited to application development)
Experience designing and supporting PKI solutions in FICAM and Federal PKI (FPKI) environments.
Experience with X.509 certificate lifecycle management, automation, and policy development.
Knowledge of X.509 certificate policies and CA/Browser Forum standards.
Experience implementing certificate automation using ACME.
Experience with Hardware Security Modules (HSMs) and cryptographic key management.
Familiarity with Post-Quantum Cryptography (PQC) concepts and migration strategies.
Experience with PKI platforms including DigiCert, Entrust, Microsoft AD CS, and Let's Encrypt.
Experience supporting CAC/PIV smart cards, server, code-signing, and S/MIME certificates, including certificate trust chains and validation.
Experience with cloud platforms such as AWS and/or Azure.
Familiarity with DevSecOps practices, CI/CD pipelines, and source control platforms such as GitHub Enterprise.
Understanding of security frameworks and standards including NIST, FISMA, FIPS, and Zero Trust principles.
Nice to Have
Experience using Docker and Kubernetes.
Experience with Shibboleth, CyberArk, or HashiCorp Vault.
Experience with Splunk, Tenable, Checkmarx, SonarQube, or related security tooling.
Experience with STIG hardening, vulnerability management, or compliance programs.
Familiarity with PIV authentication and identity governance solutions.
Experience supporting highly regulated environments, including federal or public sector organizations.
Relevant cloud, security, or architecture certifications.
Client Requirements
Applicants must be U.S. Citizens
Ability to obtain a Public Trust clearance
group id: 91120296