PKI Engineer position with my client Remote Role

Hello,

I have below exclusive position with one of our client. Please review the requirement criteria below and revert to me with your updated resume so that we can move ahead for further steps.

Job Title: PKI Engineer

Location: 100% Remote

Duration: 6+ Months contract to hire

Qualifications

• Minimum 5 years experience in identity and access management (IAM), security engineering, or infrastructure roles, with a strong focus on PKI, cryptography frameworks, or certificate management.

• Experience with cryptographic algorithms like RSA, ECC, SHA-2, AES, and hybrid post-quantum readiness is a plus.
• Experience managing PKI platforms such as Microsoft ADCS, Venafi, Keyfactor, DigiCert, AWS Certificate Manager, or HashiCorp Vault.
• Deep understanding of TLS/SSL, S/MIME, PGP, Code signing, and HTTPS
• Experience supporting compliance for TLS/HTTPS, code signing, and encryption policies.
• Strong documentation skills for crypto policies, key ceremonies, and procedures.
• Ability to partner with teams across security, IT, DevOps, and application delivery.
• Experience providing direct support and input to business executives and taking a lead role in driving the strategic direction of the organization s mission.
• Bachelor s Degree in an IT related field and/or equivalent work experience.

Responsibilities

• Key areas of focus for the PKI Engineer include certificate lifecycle management through end-to-end automation of issuance, rotation, and revocation, maintenance of secure CA hierarchy and trust chains, and PKI integration with CI/CD pipelines, secrets stores, and signing tools. The successful candidate will be responsible for the following activities:
• Manage enterprise Certificate Authorities (CAs), including Root and Intermediate CAs (internal and third-party).
• Maintain Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) services.
• Oversee the issuance, renewal, and revocation of user, device, service, and application certificates.
• Implement certificate lifecycle automation to reduce manual errors and expiry risk.
• Promote, foster, and advocate for an environment of collaboration, diversity, and inclusion.
• Ensure systems adhere to industry best practices for encryption, signing, and key usage (e.g., RSA, ECC, SHA-2, TLS 1.2/1.3).
• Stay current with NIST guidelines, WebTrust requirements, and corporate cryptographic policies.
• Manage private key protection using Hardware Security Modules (HSMs), Trusted Platform Modules (TPMs), or cloud KMS.
• Ensure secure storage, usage, and backup of cryptographic materials.
• Investigate and remediate certificate-related outages or compromise scenarios (e.g., mass expiration, misissuance, stolen keys).
• Collaborate and drive productivity and effective integration with adjacent Versant Cyber functions and specifically the synergies required across the security stack and technology platforms.