Design, deploy, and maintain enterprise PKI environments, including root and subordinate CAs, CRLs, OCSP, and HSMs.
Manage the certificate lifecycle for internal and external systems including issuance, renewal, revocation, and monitoring.
Integrate PKI with services such as SSL/TLS, S/MIME, VPN, code signing, and device authentication.
Support certificate automation and discovery tools (e.g., Venafi, DigiCert, Sectigo, Microsoft AD CS).
Ensure cryptographic compliance with internal security policies and standards such as NIST, FIPS, and ISO 27001.
Troubleshoot and resolve certificate-related issues across web servers, applications, and network devices.
Collaborate with infrastructure, network, cloud, and application teams to integrate PKI solutions securely.
Develop and maintain documentation, including architecture diagrams, SOPs, and recovery procedures.
Participate in security audits, risk assessments, and incident response involving PKI.
Stay current on developments in cryptography, zero trust, and identity management.

Bachelor's degree in Cybersecurity, Computer Science, or a related technical field.
4+ years of experience in IT security, with at least 2+ years focused on PKI or certificate management.
Strong knowledge of:
X.509 certificates, TLS/SSL, S/MIME, and IPSec
Microsoft Certificate Services (AD CS)
OCSP/CRL, smart cards, token-based authentication
Hands-on experience with HSMs (e.g., Thales, SafeNet) and certificate automation platforms.
Understanding of network security, identity and access management (IAM), and encryption protocols.
Experience working in regulated or compliance-heavy environments (e.g., PCI, HIPAA, FedRAMP).

PKI Security Engineer