PKI Systems Engineer

  • SPRINGFIELD, VA
  • Posted 43 days ago | Updated 2 hours ago

Overview

On Site
Full Time

Skills

PKI
NIST 800-53
Microsoft Windows Server administration
Resource management
Systems design
Server hardware
Operating systems
Engineering support
Problem analysis
Test cases
Hardware QA
System documentation
Systems architecture
Security controls
Technical direction
Tier 3
Microsoft Servers
Network design
TCP/IP
Network monitoring
VMware ESXi
Fiber channel
Information Technology
Systems engineering
Security clearance
DOS
Cloud computing
Management
Storage
Switches
Computer hardware
Authentication
SAML
Migration
Policies
National Institute of Standards and Technology
Testing
Evaluation
Documentation
Automation
Governance
Algorithms
Network
Cisco
Computer networking
Virtualization
VMware
SANS
Supervision
Communication
Analytical skill
SAP BASIS
FOCUS

Job Details

Job ID: 2405202

Location: SPRINGFIELD, VA, US

Date Posted: 2024-04-09

Category: Cyber

Subcategory: Cyber Engineer

Schedule: Full-time

Shift: Day Job

Travel: No

Minimum Clearance Required: None

Clearance Level Must Be Able to Obtain: Top Secret

Potential for Remote Work: No

Description

The Vanguard 2.2.1 contract currently has an opening for a Public Key Infrastructure (PKI) Systems Engineer to support the Department of State (DoS) Bureau of Information Resource Management (IRM) PKI program. This program provides transparent security services in support of the Department's goals to secure communications among Department staff and systems. The position falls under the "SI Division support service line of the contract.

It will be a senior level PKI engineering position, providing PKI engineering and integration support, administering, maintaining, and deploying various PKI systems on prem and in cloud.

Responsibilities include:
  • Performing all aspects of systems design and PKI engineering in support of various PKI systems deployed at the Department of State.
  • Manage and maintain enclaved server hardware, storage, switches, server operating systems, and Hardware Security Modules (HSMs)
  • Providing in-depth subject matter expertise for engineering support related to Public Key Infrastructure (PKI) systems, especially in a government setting.
  • Maintaining existing PKI systems - patch existing systems, deploy new components based on customer demand
  • Assist in evaluating and deploying solutions to support modern authentication (i.e SAML based authentication, FIDO2, PIV Derived Credential, etc....)
  • Assist in designing and deploying solution in support of migrating to a Zero Trust Architecture environment
  • Performing problem analysis following any service issues to prevent recurrence
  • Identifying security risks to customer systems and suggest mitigations
  • Designing, building, and managing PKI enclaves conforming to the policies and standards of the Department of State, Homeland Security Presidential Directive 12 (HSPD-12), Federal Bridge Certification Authority (FBCA), National Institute of Standards and Technology (NIST), and other policies and standards as required.
  • Identifying security architectures and implementation gaps, vulnerabilities, and risks; developing, testing, and implementing solutions to address the gaps, and new or updated requirements.
  • Developing test cases for software/hardware testing and developing test evaluation reports for stakeholders.
  • Developing and updating systems documentation (e.g., ConOps, Operating procedures, systems architecture documents.)
  • Ensuring the NIST 800-53 Rev. 4 security controls, where applicable, are in place and validated on all PKI systems.
  • Contribute to the technical direction on all areas of PKI architecture, strategies and automation and enforce governance and standards.

Qualifications

Required Education & Experience :
  • Bachelors and nine (9) years or more of relevant experience; may accept additional experience in lieu of degree.
  • Possess strong skills in designing, installing, configuring, and maintaining PKI systems.
  • Experience in providing tier-3 level support in large enterprises.
  • Strong background in the Microsoft server operati ng systems and Certificate Authority (CA) providers.
  • General understanding of cryptographic keys, symmetric and asymmetric keys, cryptographic key algorithms and cipher blocks.
  • Working knowledge with network devices particularly Cisco switches.
  • Network infrastructure diagnostics (TCP/IP general networking knowledge, network monitoring tools).
  • Virtualization technologies - VMWare ESXI, vCenter, VMWare NSX.
  • Working knowledge of external storage solutions, storage area networks (SANs), and Fiber Channel networks.
  • Professionally and effectively communicate; both verbal and written at all levels within the organization.
  • Ability to think analytically, troubleshoot, and solve problems.
  • Ability to troubleshoot and resolve network/application/operating system issues.
  • Self-starter, able to work independently with minimum supervision.
  • Excellent MS-Windows Server administration & maintenance skills.
  • Excellent oral and written communication skills.
  • Excellent analytical and troubleshooting skills.

Required Clearance :
  • ship.
  • Ability to obtain top secret clearance.

Highly Preferred Skills :
  • Cloud Key vaulting, Zero Trust Architecture and modern authentication know how


SAIC accepts applications on an ongoing basis and there is no deadline.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.


About SAIC