Senior PKI Engineer

THIS JOB IS 5 DAYS A WEEK, ON-SITE, IN EITHER DENVER, CO OR CHARLOTTE, NC! THIS ROLE IS ONLY AVAILABLE ON W2.

Insight Global is seeking a Senior PKI Engineer to join the Global Information Security (GIS) team at a Fortune 50 financial institution. This ideal candidate will design, implement, and operate enterprise‑grade Public Key Infrastructure (PKI) services with a strong focus on Microsoft Active Directory Certificate Services (AD CS) and Active Directory (AD) integration. They will need to have hands‑on implementation and integration knowledge of certificate lifecycle management, CA hierarchy governance, enrollment automation, HSM‑backed key protection, CA backup/restore, migration, and integration with Windows Server, Linux, network/security devices, cloud providers, MDM/EDR, and zero‑trust tools.

• Design and maintain enterprise PKI architectures including Root, Policy, and Issuing CAs.
• Integrate PKI with Active Directory, Entra , Intune/MDM, GPOs, and Azure AD.
• Develop certificate lifecycle policies including revocation and renewal.
• Implement HSM‑backed key storage and disaster recovery designs.

• Own certificate lifecycle management including automation.
• Manage CRL and OCSP publication and availability.
• Implement scripting and automation using Power Shell and APIs.
• Operate and maintain secure PKI infrastructure.

• Apply strong key management practices and CA hardening baselines.
• Perform PKI risk assessments and access reviews.
• Lead incident response for PKI‑related outages.
• Maintain compliance with NIST, CA/B Forum, and internal frameworks.

• 8+ years in Security Engineering or Identity Infrastructure.
• 5+ years hands‑on with Microsoft AD CS and enterprise PKI.
• Deep knowledge of X.509, CRLs, OCSP, EKUs, RSA/ECC, SHA‑2.
• Strong Power Shell, Python, or C# scripting and Windows Server administration skills.
• Experience with Linux PKI, TLS/SSL, VPN authentication.
• Azure PKI integrations and HSM experience (Thales, Entrust, nCipher).