×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cloud Computing Systems Administrator Cybersecurity IT Consultant

PKI Engineer

Job in Minneapolis, Hennepin County, Minnesota, 55400, USA
Listing for: U.S. Bank
Full Time position
Listed on 2026-03-07
Job specializations:
  • IT/Tech
    Cloud Computing, Systems Administrator, Cybersecurity, IT Consultant
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

Job Description

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career.

Try new things, learn new skills and discover what you excel at—all from Day One.

Location expectations

This role requires working from a U.S. Bank location three (3) or more days per week.

ESSENTIAL FUNCTIONS
  • Manage internal Certificate Authority (Active Directory Certificate Services) including, but not limited to, certificate templates, issuing and revocation of internal certificates, PKI administration, automated certificate issuance for server certificates, client certificates, SMIME certificates, and Code Signing certificates.
  • Maintain Certificate Revocation List (CRL) distribution servers critical to the entire enterprise environment. Maintain NDES/SCEP protocol servers critical to certificate distribution for corporate Apple/Mac workstations. Manage external Certificate Authority (Digi Cert CA) including issuing and revocation of externally signed certificates, and Domain Control Validation (DCV) process.
  • Knowledge of PKI and security-related concepts, with some experience in administration and configuration of certificate configurations on Windows and Linux OS, along with other platforms in the organization.
  • Familiarity with configuration and management of HSMs used to secure private keys.
  • Troubleshooting certificate configuration and TLS issues.
  • Experience with Certificate Management solutions including Venafi, API integrations with Venafi, alerting and automation, and integrations with various other software solutions for certificate issuance and monitoring.
  • Supporting multiple software, middleware, or hardware projects requiring authentication or backend communications between internal business lines, or between company and external third parties including Cloud environments (Azure, AWS, GCP).
  • Provide necessary mentoring and training to all certificate owners regarding maintaining certificate security and industry level best practices.
  • This position needs to keep up to date with the latest change in certificate regulations set by Certificate Authority and Browser (CA/B) Forum.
  • Identify and manage all server (machine) SSH keys on an enterprise level and scope a multi-year project to replace these never expiring credentials with short-lived SSH certificates.
  • Maintain the life cycle, manage alerting, and potential automation of certificates used by machines.
  • Design, document, and implement operating procedures that include systematic processes and delegation for the machine identity lifecycle and maintenance tasks.
SPECIFICATIONS

Working knowledge of authentication and authorization through multifactor (MFA), Mutual TLS (mTLS), single sign-on (SSO), and LDAP/Kerberos integrations using certificates. Working knowledge of Windows Power Shell scripting used for certificate automation and processing.

Strong proficiency in cryptography, cryptographic standards, risk base compliance, and zero-trust. Knowledge of x509 standards as it relates to digital certificates, SSH keys, and PKI administration.

Preferred Bachelor’s degree in Information Technology/Security, and/or 4-6 years of equivalent work experience (Helpdesk, System Administration, Middleware) with a minimum of 1-3 years of experience as it relates to PKI administration, certificate management using Venafi, with working knowledge of mTLS, SSO, LDAP/Kerberos integrations or equivalent knowledge/experience.

Machine Identity Management goes beyond a solid understanding of Public Key Infrastructure (PKI) administration – which is a basic requirement. This is the next level knowledge or evolution of the inner workings of Machine Identities including, but not limited to SSH keys, SSH certificates, JWT,JWE, SPIFEE,SPIRE, and other forms of machine identity and access controls. This role…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search