Sr. PKI Engineer

Senior PKI Engineer

Location: Charlotte, NC or Denver, CO (Onsite, with some flexibility)
W2 Only
Category: Cyber Security Engineering
Join one of the largest and most advanced Cyber Security organizations in the financial industry as we build a modern, enterprise-wide PKI and certificate services infrastructure. We are expanding our Identity & Cryptography capabilities and are looking for a Senior PKI Engineer who brings deep expertise in Microsoft AD Certificate Services (ADCS) and large-scale Active Directory integrations.
If you thrive as a hands-on engineer, enjoy designing secure cryptographic architectures, and want to influence enterprise security modernization efforts, this role offers a high-impact opportunity.

What You'll Do

Architecture & Design

• Design and maintain enterprise PKI architectures including Root, Policy, and Issuing CAs (offline/air-gapped roots, secure key ceremonies, governance workflows).
• Engineer certificate solutions for mTLS, 802.1X wired/wireless/VPN, device identity, BitLocker, code signing, S/MIME, and more.
• Define key sizes, algorithms (RSA, ECC, PQC), hashing methods, and certificate policies.
• Implement HSM-backed key storage and lead secure key ceremonies and DR planning.

Operations & Automation

• Own end-to-end certificate lifecycle management: issuance, renewal, revocation, automation.
• Integrate PKI with Active Directory (forests/domains, GPOs, AIA/CDP locations).
• Manage CRL/OCSP distribution, monitoring, and high availability.
• Build automation (PowerShell, APIs, Intune, SCEP/NDES, ACME, MDM) for large-scale enrollment.
• Drive CA backup, restore, upgrade, renewal, and migration strategies.

Security & Compliance

• Apply strong key management standards (FIPS 140-2/3), CA hardening, and root-level controls.
• Perform PKI risk assessments, template access reviews, and control testing.
• Lead incident response for PKI-related outages or security issues.
• Maintain alignment with NIST, Microsoft baselines, CAB Forum, and regulatory frameworks (SOX, PCI, HIPAA, ISO 27001).

What You Bring

• 8+ years in security engineering/identity infrastructure; 5+ years hands-on with Microsoft ADCS.
• Proven experience deploying and operating multi-tier Microsoft PKI in large, complex enterprises.
• Deep knowledge of X.509, CRLs/OCSP, EKKUs, SANs, RSA/ECC algorithms, SHA-2, and certificate path validation.
• Strong PowerShell and Windows Server skills (GPOs, templates, autoenrollment).
• Experience with 802.1X/EAP-TLS, TLS/mTLS, VPN authentication.
• Hands-on experience with HSMs (Entrust/nCipher/Thales).

Why This Role Matters

This hire will play a key role in building a new ICA/PKI Infrastructure supporting enterprise-wide Cyber Security Modernization efforts across GIS. You'll help shape foundational cryptographic services used across one of the largest financial organizations in the world.

Why You'll Love It

• Work in one of the most respected Cyber Security organizations in the industry
• Drive modernization initiatives with major impact
• Complex, large-scale environment where your PKI expertise truly matters

Job Type & Location
This is a Contract position based out of Charlotte, NC.
Pay and Benefits
The pay range for this position is $75.00 - $85.00/hr.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: Medical, dental & vision Critical Illness, Accident, and Hospital 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available Life Insurance (Voluntary Life & AD&D for the employee and dependents) Short and long-term disability Health Spending Account (HSA) Transportation benefits Employee Assistance Program Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
This is a fully onsite position in Charlotte,NC.
Application Deadline
This position is anticipated to close on Mar 27, 2026.
>About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

About TEKsystems and TEKsystems Global Services

We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.