Title: PKI Engineer
Engagement Type: Contract
Location: 100% remote from the US
We are seeking an experienced, client-facing Public Key Infrastructure (PKI) Engineer for a hands-on technical role. The successful candidate will be responsible for the end-to-end implementation, deployment, and management of highly available PKI solutions for our clients, with required expertise in Venafi and DigiCert One. This position focuses on building robust integrations with enterprise applications, managing machine identities, and executing key lifecycle management processes to meet the client's project goals.
Key Responsibilities
* PKI Solution Implementation: Design, deploy, configure, and manage highly available PKI solutions, with a primary focus on the Venafi Trust Protection Platform and DigiCert One within the client's environment.
* Application & Enterprise Integration: Integrate PKI and certificate management solutions with a wide variety of the client's enterprise applications, cloud services, and DevOps pipelines.
* Machine Identity Management: Develop and implement strategies for effective machine identity and key lifecycle management, including discovery, creation, distribution, rotation, and revocation of cryptographic keys and digital certificates.
* HSM & Code Signing: Configure, deploy, and manage Hardware Security Modules (HSMs) to secure critical cryptographic keys. Implement and manage secure code signing processes to ensure the integrity and authenticity of the client's software.
* Troubleshooting and Support: Act as the subject matter expert for PKI-related issues, providing advanced troubleshooting for certificate-related incidents and integration failures. Serve as an escalation point for the project team.
* Security and Compliance: Ensure that all PKI configurations and integrations adhere to the client's security standards and compliance requirements (e.g., NIST, ISO 27001).
* Collaboration: Work closely with client application owners, security architects, project managers, and other stakeholders to gather requirements and deliver robust PKI solutions.
* Documentation: Create and maintain detailed documentation of the PKI architecture, configurations, integrations, and operational processes for project deliverables.
Qualifications and Experience
Required:
* PKI Expertise: Minimum of 3-5 years of hands-on experience with enterprise PKI solutions, with a demonstrated focus on certificate and machine identity lifecycle management. Specific, deep expertise with Venafi and DigiCert One is mandatory.
* Security Fundamentals: Strong understanding of cryptographic concepts, PKI, and machine identity management principles.
* Technical Protocols: In-depth knowledge of cryptographic protocols (TLS/SSL, S/MIME), certificate enrollment protocols (SCEP, EST), and directory services (Active Directory, LDAP).
* Technical Skills: Proven experience with integrating PKI solutions into enterprise applications, cloud platforms (AWS, Azure), and CI/CD pipelines. Familiarity with Hardware Security Modules (HSMs). Proficiency in PowerShell or other scripting languages for automation is necessary.
* Problem-Solving: Excellent analytical and problem-solving skills, with the ability to troubleshoot complex technical issues in a project-based environment.
* Communication: Strong written and verbal communication skills, with the ability to articulate complex technical concepts to both technical and non-technical stakeholders.
* Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment.
Desired:
* Experience working in a professional services or consulting environment on client-facing projects.
* Familiarity with other PKI and security tools (e.g., Microsoft AD CS, HashiCorp Vault, CyberArk).
* Relevant industry certifications (e.g., CISSP, CISM, or vendor-specific credentials).
* Understanding of ITIL processes for incident, change, and problem management.