Description
PKI Engineer to design, implement, and operate enterprise-grade Public Key Infrastructure (PKI) services with a strong focus on Microsoft Active Directory Certificate Services (AD CS) and Active Directory (AD) integration. Handson implementation and integration knowledge of certificate lifecycle management, CA hierarchy governance, enrollment automation, HSM-backed key protection, CA backup restore, migration and integration with platforms such as Windows Server, Linux, network/security devices, cloud providers, MDM/EPP, and zero-trust tooling. Subject matter expert for cryptographic standards, certificate-based authentication, and PKI security controls across the organization.
Required experience:
1. ADCS (Active Directory Certificate Services)
2. Integrate PKI with Active Directory (AD forests/domains, ADCS, AIA/CDP locations, GPOs)
3. Deploy, Configure, Implement, Install,
Architecture & Design
Design and maintain enterprise PKI architectures (Root CA, Policy CA, Issuing CA) with offline/air gapped roots, secure key ceremonies, key usage, and issuance workflows and robust CRL/OCSP distribution.
Engineer solutions for mutual TLS, 802.1X (wired/wireless/VPN), device identity, code signing, S/MIME, BitLocker, and disk/volume encryption certs.
Key sizes, algorithms (RSA, ECC and PQC) encryption and hashing.
Implement HSM-backed key storage for CAs and code signing; lead key ceremonies, disaster recovery designs.
Operations & Automation
Own certificate lifecycle management (issuance, renewal, revocation) including automation via Intune, GPO/Autoenrollment, SCEP/NDES, ACME, or MDM connectors.
Manage CRL/OCSP publication, monitoring, and availability, design highly available, geo-distributed revocation endpoints.
Implement scripting/automation (PowerShell, APIs) for bulk issuance, inventory, renewal, and drift detection. Enabling separation of duties for secure operation of PKI infrastructure
CA backup, restore renewal and migration strategy
Security & Compliance
Apply strong key management practices (FIPS 140-2/140-3), certificate assurance levels, and secure CA hardening baselines.
Regularly perform PKI risk assessments, access reviews, and control testing (e.g., template permissions, EKU misuse, issuance constraints).
Lead root cause analysis and incident response for certificate/PKI-related outages or security events.
Maintain alignment with NIST, CAB Forum, Microsoft Security Baselines, and internal compliance frameworks (e.g., SOX, PCI, HIPAA, ISO 27001) as applicable.
Skills
ADCS, Active Directory Certification Services, PKI, Automation, Active directory
Top Skills Details
ADCS,Active Directory Certification Services,PKI
Additional Skills & Qualifications
Minimum Qualifications
8+ years in Security Engineering/Identity Infrastructure, including 5+ years hands-on with Microsoft AD CS and enterprise Active Directory with managing CA infra
Proven experience designing, deploying, and operating multi-tier Microsoft PKI (offline root, issuing CAs) in large/complex environments.
Deep knowledge of X.509, CRL/OCSP, EKU/KU, SANs, key algorithms and sizes (RSA/ECC), hashing (SHA-2), and certificate validation paths.
Strong PowerShell and Windows Server administration; GPOs, autoenrollment, templates, AIA/CDP configuration.
Experience with 802.1X/EAP-TLS, TLS/mTLS, VPN auth, and device/user certificate issuance at scale.
HSM experience (e.g., nCipher/Entrust/Thales) for CA key management.
Experience Level
Intermediate Level
Job Type & Location
This is a Contract position based out of Charlotte, NC.
Pay and Benefits
The pay range for this position is $75.00 - $85.00/hr.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: Medical, dental & vision Critical Illness, Accident, and Hospital 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available Life Insurance (Voluntary Life & AD&D for the employee and dependents) Short and long-term disability Health Spending Account (HSA) Transportation benefits Employee Assistance Program Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
This is a fully onsite position in Charlotte,NC.
Application Deadline
This position is anticipated to close on Mar 10, 2026.
>About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
About TEKsystems and TEKsystems Global Services
We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: 101054TS
- Position Id: JP-005852865
- Posted 15 hours ago
Never miss an opportunity! Create an alert based on the job you applied for.