Public Key Infrastructure (PKI) Engineer

Overview

On Site
$60 - $65
Contract - W2
Contract - 12 Month(s)

Skills

Active Directory
Change Request Management
Collaboration
Computer Networking
Computer Science
Algorithms
Disaster Recovery
Educate
Encryption
F5
FOCUS
Amazon Web Services
Hierarchical Storage Management
IEEE 802.1X
IT Service Management
Apache Tomcat
Incident Management
Information Technology
Java
Auditing
Change Management
Cryptography
High Availability
Identity Management
Lifecycle Management
Linux
Linux Administration
Management
Microsoft
Microsoft Azure
Microsoft IIS
Microsoft Windows
Migration
Server Administration
OpenSSL
PKI
Regulatory Affairs
Regulatory Compliance
SSL
Scripting
Smart Card
TLS
Technical Support
Unix
Web Browsers
X.509

Job Details

Client is seeking a Senior Public Key Infrastructure (PKI) Engineer to support the architecture, implementation and operations of enterprise level PKI as part of the identity and access management team. This role will focus on building and maintaining certificate lifecycle management systems, including issuance, renewal, revocation and auditing of the certificates and keys; developing strategies for disaster recovery; offering technical support to users; and ensuring compliance with regulations and policies.
 
This is an excellent opportunity to work as an SME for Private and Public Key Infrastructure with a wide variety of technologies in a fast-paced global environment. In this role you will leverage a strong understanding of PKI to quickly adapt to the environment and make an impact. The role works collaboratively within a team of Identity Engineers following global processes, performing and/or assisting with core job responsibilities including:
  • Overall security, reliability, and management of PKI
  • Experience deploying or maintaining Active Directory Certificate Services, GlobalSign, Sectigo, Digicert, Keyfactor, OpenSSL or other certificate management platforms.
  • Firm understanding of and configuring Online Certificate Status Protocol (OCSP), Certificate Authorities (CA), Registration Authorities (RA), Certificate Revocation List (CRL), Bring Your Own Key (BYOK)
  • Firm understanding of cryptographic concepts including symmetric/asymmetric cryptography, hash algorithms, digital signatures, encryption, etc.
  • Comprehensive understanding of the PKI/HSM ecosystem, including technology, standards, implementations, and migration strategies.
  • Ensure digital certificate services provided align with Bechel s and industry best practices.
  • Support, implement and design PKI cross functional integrations:
  • Installation of SSL certificates in Windows IIS, JAVA JKS, Unix/Linux, Apache, Tomcat, Azure Key vault, AWS, F5's etc.
  • Understanding of ACME protocol and its functionality
  • Experience with developing scripts for administrative and automation tasks
  • Provide guidance, educate key stakeholders on certificate life cycle processes and procedures.
  • Working closely with IAM teams to implement Identity and Access Management PKI functionality for specific business and security requirements and processes.
  • Collaborate with other IT and Operational teams to integrate PKI solutions with existing systems/applications
  • ITSM process (Request management, change management, Incident management) on tools such as SNOW
  • Monitor and troubleshoot PKI related issues
  • Active Directory Certificate Services related issues
  • Assist and educate users/administrator with certificate enabled applications, such as SSL/TLS, S/MIME, Code Signing, Smartcard, 802.1x, EAP-TLS, etc.
  • Drive technical discussions to understand digital certificate services requirements while partnering with application teams who design and implement solutions.
  • Maintain and enhance global solutions for the digital certificate area ensuring high availability and disaster recovery across regions with resiliency including planning and delivering upgrades.
Knowledge of PKI Standards, including but not limited to:
  • Understanding of X.509 Certificate Management Standards
  • Creating and maintaining Certificate Policy and Practice Statement (CP/CPS)
  • Understanding of CA/Browser Forum Baseline Requirement
Basic Qualifications:
  • Recognized degree in Computer Science or Information Technology from an accredited college or university, or specialized courses in networking, information technology, server administration and infrastructure operations, or equivalent work experience in a related field.
  • Bachelor's or master's degree (or international equivalent) and a minimum of 8 - 10 years of relevant experience or 12 - 14 years of relevant work experience in lieu of a degree
  • Windows/Linux System Administration
  • Relevant Microsoft certifications are also highly desirable
Thank you
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.