Senior Security Engineer with PKI and Venafi

Job Details:

Job Title: Senior Security Engineer with PKI and Venafi

Duration: Long-Term Contract

Location: Atlanta, GA || Hybrid

• Subject matter expert on certification administration and experience with automation of all the certificates. (PKI, Venafi, digital certificates management)
• Large enterprise infrastructure 500-100 certification administration experience. Need to know how the automation works
• Python PowerShell scripting
• AWS is a must

Job Description:

Summary

• We are seeking a highly experienced Senior PKI Security Engineer to lead the design, implementation, and management of Public Key Infrastructure (PKI) systems within our enterprise security program.
• This role will focus on building scalable and compliant PKI solutions, evaluating emerging technologies, and supporting encryption and authentication systems across the organization.
• The ideal candidate has deep expertise in PKI, cryptographic protocols, certificate lifecycle management, and regulatory frameworks such as FPKI.

Key Responsibilities

• Lead the strategy, design, and continuous improvement of PKI infrastructure.
• Collaborate with IT, DevOps, and security teams to implement and manage secure certificate-based authentication systems.
• Develop, test, and maintain security infrastructure including firewalls, intrusion detection systems, and data encryption protocols.
• Ensure compliance with FPKI Common Policy Framework and other regulatory requirements.
• Perform risk assessments, vulnerability testing, and security audits of systems and applications.
• Troubleshoot and support PKI-related issues, including certificate issuance, renewal automation, and integration.
• Review and enhance Red Hat Certificate System source code for defect remediation and feature development.
• Interface with system owners and business stakeholders to deliver secure and scalable encryption solutions.
• Maintain documentation for PKI architecture, policies, and procedures.
• Participate in incident response and forensic analysis of security breaches related to PKI infrastructure.
• Provide technical leadership and mentoring to junior engineers.
• Establish and enforce corporate security policies and procedures.
• Analyze, recommend, and implement security enhancements and controls.
• Educate and train staff on PKI and network security best practices.
• Participate in evaluating new security technologies and solutions.
• Communicate effectively with technical and non-technical stakeholders during security incidents and audits.

Technical Skills & Experience:

• PKI Expertise: Strong experience in designing, deploying, and managing enterprise PKI systems including Microsoft PKI, Venafi, and AWS PKI services (ACM, KMS, CloudHSM).
• Protocols: Deep knowledge of SSL/TLS, HTTPS, LDAPS, S/MIME, and certificate-based authentication protocols.
• Scripting: Proficient in PowerShell, Python, Bash, JSON, YAML, and automation for certificate lifecycle management.
• Cloud & Infrastructure: Experience with cloud-native PKI (AWS, Azure), CloudTrail, Secrets Manager, CloudFront.
• Security Engineering: Knowledge of OSI layer 2 7 security models, encryption standards, and hardware security modules (HSMs).
• Compliance & Governance: Familiarity with HSPD-12, FISMA, and identity governance frameworks.
• Platforms: Experience with Linux (RHEL), Windows Server, IBM Mainframe encryption (TKE, UKO, SGKLM).
• Tools & Integration: Integration with enterprise tools such as Venafi, and third-party public CA providers.
• Disaster Recovery: Experience developing and implementing IT contingency and disaster recovery plans.

Professional Qualifications:

• Bachelor's degree in computer science, Information Security, or related field (Master's preferred).
• 5+ years of hands-on experience in PKI engineering, certificate management, and digital identity solutions.
• Strong problem-solving, analytical, and communication skills.
• Detail-oriented with a proactive approach to identifying and resolving issues.
• Agile methodology experience preferred.

Preferred certifications:

• CISSP (Certified Information Systems Security Professional)
• AWS Certified Security or related cloud certifications
• CISM (Certified Information Security Manager)
• Microsoft or Red Hat security certifications