PKI Lead Engineer

Overview

The PKI Lead Engineer serves as the senior technical authority for the design, implementation, and sustainment of enterprise Public Key Infrastructure services that enable secure authentication, encryption, and digital signatures across the client’s IT environment. This role leads the lifecycle management of digital certificates and cryptographic keys, ensuring resilient, compliant, and well-governed PKI capabilities that protect sensitive information and support mission critical access control.

• Lead the design, implementation, and ongoing operations of enterprise PKI infrastructures, including root and subordinate certificate authorities, registration authorities, and associated hardware and software components.
• Manage the full lifecycle of digital certificates and cryptographic keys for users, devices, applications, and services, including issuance, renewal, suspension, and revocation with strong controls and automation.
• Develop, document, and enforce PKI policies, certification practice statements, standards, and procedures aligned to enterprise security and regulatory requirements.
• Integrate PKI services with identity and access management platforms, directory services, network security controls, and secure application architectures to enable strong authentication and encryption.
• Monitor, audit, and assess PKI infrastructure health and compliance, performing regular reviews, root cause analyses, and remediation activities to maintain high availability and integrity.
• Lead the evaluation, selection, and implementation of PKI related tools, including certificate discovery, management, and automation solutions, and recommend improvements to strengthen cryptographic services.
• Collaborate with security operations and application teams to analyze and respond to PKI related incidents, vulnerabilities, and findings, including support for penetration testing and secure code initiatives.
• Provide expert guidance, training, and mentoring to engineers and developers on PKI usage, certificate management best practices, and secure cryptographic design patterns in enterprise environments.

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or related technical discipline, or equivalent relevant experience.
• Minimum of 8 years of experience in cybersecurity, security engineering, or network security roles, including significant hands-on exposure to PKI or cryptographic services.
• Demonstrated experience designing, implementing, and operating enterprise PKI solutions, including certificate authorities, key management, and certificate lifecycle workflows.
• Strong knowledge of authentication, authorization, and encryption concepts, including TLS, digital signatures, certificate based access control, and related standards (for example, X.509, OCSP, CRL).
• Ability to obtain and maintain a Public Trust investigation, with US citizenship required in support of federal client requirements.
• Proficiency with Unix/Linux or similar operating systems and enterprise infrastructure environments used to host PKI and security services.

• Advanced cybersecurity certifications such as CISSP, CISM, CISA, or CRISC demonstrating broad security architecture and governance expertise.
• Experience integrating PKI with identity and access management platforms, federated identity standards (for example, SAML), and role based access control models in large enterprises.
• Background supporting PKI and cryptographic services in complex federal or regulated IT environments with rigorous compliance requirements.
• Hands-on experience with certificate discovery and management tools, hardware security modules, and automation frameworks for large-scale certificate deployment.
• Familiarity with secure software development practices, application security testing, and remediation of cryptographic vulnerabilities across web and service architectures.
• Prior experience leading small technical teams or serving as a subject matter expert for enterprise security initiatives.

• Enterprise PKI Architecture -- Designs and documents scalable PKI…