Active Directory (AD) & PKI Architect


Overview

Remote
Accepts corp to corp applications
Contract - W2
Contract - Independent

Skills

PKI
CLM
Active Directory
Public Key Infrastructure
CLM Vendors
Certificate Lifecycle Management

Job Details

Position: Active Directory (AD) & PKI Architect

Location: Remote

Duration: Long term contract

About the Role:

We are seeking a highly experienced Active Directory (AD) & Public Key Infrastructure (PKI) Architect to assess, design, implement, and maintain enterprise-level AD and PKI solutions for a large, complex IT environment. The ideal candidate will bring deep expertise in enterprise directory services, identity security, and certificate lifecycle management, along with proven experience leading large-scale AD/PKI modernization initiatives.

The ideal candidate will have a proven track record in managing large-scale AD forests, multi-tier domain environments, and enterprise certificate lifecycle management systems. Preference will be given to candidates with consulting engagement experience with Microsoft, Venafi, or other leading PKI/CLM vendors.

Key Responsibilities

  • Assess existing AD and PKI environments, identify gaps, and develop strategic roadmaps for optimization and modernization.
  • Design and architect enterprise-scale Active Directory forests, multi-tier domain environments, and certificate lifecycle management (CLM) solutions.
  • Implement and maintain secure, scalable, and resilient AD and PKI infrastructures.
  • Lead enterprise certificate lifecycle management (CLM) deployments, integrations, and automation.
  • Collaborate with cross-functional IT, Security, and Infrastructure teams to ensure seamless integration with enterprise systems.
  • Provide technical leadership, guidance, and best practices to internal teams and stakeholders.
  • Ensure compliance with security, regulatory, and industry standards related to identity, authentication, and encryption.
  • Support troubleshooting, performance tuning, and high-availability solutions for AD/PKI platforms.

Required Qualifications

  • 10+ years of hands-on experience in Active Directory architecture, administration, and migration.
  • 7+ years of experience in PKI architecture, deployment, and lifecycle management.
  • Proven experience managing large-scale AD forests and multi-tier domain environments.
  • Strong expertise in certificate authorities (CA), CRL/OCSP, HSMs, and authentication mechanisms.
  • Deep knowledge of identity security, authentication protocols (Kerberos, LDAP, SAML, OIDC), and encryption standards.
  • Familiarity with PowerShell scripting and automation of AD/PKI tasks.
  • Experience in high-availability, disaster recovery, and performance optimization for AD/PKI.

Preferred Qualifications

  • Consulting engagement experience with Microsoft, Venafi, DigiCert, Entrust, Keyfactor, or other leading PKI/CLM vendors.
  • Expertise in Azure AD / Entra ID, hybrid identity, and cloud-integrated PKI solutions.
  • Security certifications such as MCSE, CISSP, CCSP, or Microsoft Certified: Identity and Access Administrator Associate.
  • Prior experience in large enterprise environments (Fortune 500, financial, healthcare, or government).

Soft Skills

  • Strong communication and stakeholder management skills.
  • Ability to lead technical discussions with both business and IT executives.
  • Consulting experience with the ability to produce high-quality technical documentation and presentations.
