PKI Engineer

Job Title: PKI Engineer
Location: Remote

Duration :6 Months+
Job Type: C2C

Job Summary:

We are seeking a skilled PKI Engineer to design, implement, manage, and support enterprise-level PKI and certificate management systems. The ideal candidate will have deep expertise in encryption technologies, certificate lifecycle management, and strong knowledge of security best practices. You will play a key role in securing our digital assets and maintaining trust across internal and external communications.

Key Responsibilities:

• Design, deploy, and maintain Public Key Infrastructure (PKI) systems including Root CAs, Intermediate CAs, and subordinate CAs.
• Manage digital certificate lifecycle processes including issuance, renewal, revocation, and auditing.
• Administer and support tools for certificate management (e.g., Microsoft ADCS, Venafi, DigiCert, Keyfactor, etc.).
• Implement automation for certificate issuance and renewal using tools like Ansible, PowerShell, or Python.
• Work closely with security, infrastructure, and application teams to integrate PKI solutions into various platforms.
• Ensure compliance with industry regulations (e.g., NIST, FIPS 140-2, ISO 27001) and internal security policies.
• Perform root cause analysis and troubleshoot PKI-related issues across different environments (Windows, Linux, cloud platforms).
• Develop and maintain PKI documentation including architecture diagrams, policies, and procedures.
• Monitor PKI system health and performance and respond to incidents or outages.

Required Qualifications:

• Bachelor s degree in Computer Science, Information Security, or related field (or equivalent experience).
• 3 5+ years of experience working with PKI technologies and certificate lifecycle management.
• Hands-on experience with Microsoft Active Directory Certificate Services (ADCS) and/or third-party PKI solutions.
• Strong understanding of cryptographic protocols (TLS, SSL, S/MIME, etc.), encryption standards, and key management.
• Experience with HSMs (Hardware Security Modules) and secure key storage practices.
• Familiarity with scripting for automation (PowerShell, Bash, Python, etc.).
• Solid knowledge of networking, authentication (LDAP, Kerberos, SAML, OAuth), and cloud environments (AWS, Azure, Google Cloud Platform).

Preferred Qualifications:

• Certifications such as CISSP, CEH, GIAC, or Microsoft Certified: Azure Security Engineer Associate.
• Experience with certificate management platforms (e.g., Venafi, Keyfactor, DigiCert CertCentral).
• Understanding of DevOps practices and CI/CD integration with PKI.
• Experience with compliance audits and responding to security assessments.
• Knowledge of Zero Trust architecture and secure identity frameworks.

Soft Skills:

• Strong analytical and problem-solving skills.
• Excellent written and verbal communication.
• Ability to manage multiple tasks and projects in a fast-paced environment.
• Team-oriented mindset with a proactive approach to security.