PKI Architect

PKI Architect

Location Lodi, CA//Sunnyvale, CA (Onsite)

Duration (9 -10 weeks) 2 Months

Job Description:

• We are seeking a highly skilled PKI Architect to lead the design, implementation, and management of enterprise Public Key Infrastructure solutions. The ideal candidate will have deep expertise in cryptographic technologies, certificate lifecycle management, and secure key management practices, with a strong understanding of enterprise security architecture.

Preferred Qualifications:

Certifications such as CISSP, CISM, or vendor-specific PKI certifications. Experience with cloud-based PKI solutions (AWS Certificate Manager, Azure Key Vault). Knowledge of DevSecOps practices and automation of certificate management.

Required Skills & Qualifications:

Bachelor's or Master's degree in Computer Science, Information Security, or related field. 7+ years of experience in cybersecurity, with at least 3 years focused on PKI architecture and implementation. Strong understanding of cryptographic protocols (TLS/SSL, S/MIME, IPsec), certificate formats (X.509), and key management. Experience with PKI tools and platforms (e.g., Microsoft AD CS, Venafi, DigiCert, Entrust, Keyfactor). Familiarity with HSMs, smart cards, and secure key storage solutions. Knowledge of identity and access management (IAM) and integration with PKI. Excellent problem-solving, documentation, and communication skills.

Key Responsibilities:

Design and architect scalable PKI solutions to support enterprise security requirements. Lead the implementation and integration of PKI systems with identity management, authentication, and secure communications platforms. Define and enforce certificate policies, key usage standards, and lifecycle management processes. Manage root and subordinate Certificate Authorities (CAs), including hardware security modules (HSMs). Ensure compliance with industry standards and regulatory requirements (e.g., NIST, ISO, GDPR). Collaborate with cybersecurity, infrastructure, and application teams to integrate PKI into broader security architecture. Conduct risk assessments and recommend improvements to PKI-related processes and technologies. Provide technical leadership and mentoring to engineering teams on PKI best practices.