Experis
Public Key Infrastructure (PKI) Engineer
Experis, Washington, District of Columbia, us, 20022
Public Key Infrastructure (PKI) Engineer
Join to apply for the
Public Key Infrastructure (PKI) Engineer
role at
Experis
Key Details Position:
Public Key Infrastructure (PKI) Engineer
Location:
Washington, DC (metro accessible) - Must work EST Hours (there is no requirement to be onsite)
Duration:
Through Fiscal Year End (April 2026) with possible 1‑year extension
Key Responsibilities
Run the Day-to-Day PKI Operations
No Hands‑on at this time (but has had most or all of the responsibilities listed below at one time or another) - be the "choreographer, not the dancer"
"Run the Show" (but not a PM - they have that position filled already)
Know how PKI works and how PKI 'should' work
Will have been responsible for most of these skillsets at some point in the past (and can provide examples):
Lead the infrastructure protection strategy to create, evolve, and secure internal PKI and credential management security strategy.
Design, implement, and operate enterprise‑grade PKI solutions, including internal and external Certificate Authorities (CAs), Hardware Security Modules (HSMs), and certificate lifecycle management platforms.
Create design components, develop code, and test changes using test‑driven development methodologies.
Provide subject matter expertise in resolving complex problems related to PKI environment.
Manage, secure, engineer and provide governance for key and certificate management services, including robust, enterprise‑grade PKI, certificate lifecycle management (CLCM), infrastructure automation and credential management (CMS) systems.
Implement and maintain automated certificate renewal programs; capture use‑cases for certificate revocation, enrollment & renewal processes.
Monitor creation of encryption keys to ensure protection against modification and unauthorized disclosure.
Define Trust Strategies and understand security and governance requirements for Certification Authorities.
Architect and manage internal PKI infrastructure including CA, RA, CRL, OCSP, and HSM integrations.
Design and implement certificate lifecycle automation using ACME protocols, scripting (e.g., PowerShell, Python), and enterprise CLM tools.
Install and manage certificates across platforms: Windows, Linux/Unix, Apache, Tomcat, Java Keystore, F5, Azure Key Vault.
Implement digital certificate policies aligned with X.509 standards and CA/Browser Forum baseline requirements.
Develop and maintain Certificate Policy and Certificate Practice Statements (CP/CPS).
Provide PKI support for application integrations, including TLS/SSL, S/MIME, 802.1x, Smartcards, and Code Signing.
Collaborate with IAM, Infrastructure, Security, and Application teams to integrate PKI into broader identity solutions.
Contribute to change management and documentation using ITSM tools (ServiceNow, Remedy).
Maintain high availability and disaster recovery readiness for PKI infrastructure.
Track and report on PKI service metrics, SLAs, KPIs, and KRIs to ensure operational excellence.
Develop and maintain SOPs, technical documentation, and training materials.
Preferred Skills
Strong technical knowledge of:
Enterprise PKI Operations
Cryptographic Algorithms (symmetric/asymmetric)
Digital Signatures
Strong understanding of:
Compliance
Auditing
Key Management
Microsoft certifications (e.g., Azure Security Engineer, MCSA).
Knowledge of CA/B Forum, RFC 5280, RFC 6960 (OCSP).
Familiarity with containerized environments and Kubernetes certificate management.
Experience with Active Directory Certificate Services, GlobalSign, Sectigo, DigiCert, Keyfactor, OpenSSL, or other certificate management platforms.
Understanding of OCSP, CA, RA, CRL, and BYOK configurations.
Comprehensive understanding of the PKI/HSM ecosystem, including technology, standards, implementations, and migration strategies.
Experience with developing scripts for administrative and automation tasks.
Collaborate with other IT and Operational teams to integrate PKI solutions with existing systems/applications.
Monitor and troubleshoot PKI related issues.
Assist and educate users/administrators with certificate enabled applications, such as SSL/TLS, S/MIME, Code Signing, Smartcard, 802.1x, EAP‑TLS, etc.
Drive technical discussions to understand digital certificate services requirements.
Maintain and enhance global solutions for the digital certificate area ensuring high availability and disaster recovery.
Knowledge of PKI Standards including X.509, CP/CPS, CA/Browser Forum Baseline Requirements.
Seniority Level Mid‑Senior level
Employment Type Contract
Job Function Information Technology
Industries IT Services and IT Consulting
Referrals increase your chances of interviewing at Experis by 2x
#J-18808-Ljbffr
Public Key Infrastructure (PKI) Engineer
role at
Experis
Key Details Position:
Public Key Infrastructure (PKI) Engineer
Location:
Washington, DC (metro accessible) - Must work EST Hours (there is no requirement to be onsite)
Duration:
Through Fiscal Year End (April 2026) with possible 1‑year extension
Key Responsibilities
Run the Day-to-Day PKI Operations
No Hands‑on at this time (but has had most or all of the responsibilities listed below at one time or another) - be the "choreographer, not the dancer"
"Run the Show" (but not a PM - they have that position filled already)
Know how PKI works and how PKI 'should' work
Will have been responsible for most of these skillsets at some point in the past (and can provide examples):
Lead the infrastructure protection strategy to create, evolve, and secure internal PKI and credential management security strategy.
Design, implement, and operate enterprise‑grade PKI solutions, including internal and external Certificate Authorities (CAs), Hardware Security Modules (HSMs), and certificate lifecycle management platforms.
Create design components, develop code, and test changes using test‑driven development methodologies.
Provide subject matter expertise in resolving complex problems related to PKI environment.
Manage, secure, engineer and provide governance for key and certificate management services, including robust, enterprise‑grade PKI, certificate lifecycle management (CLCM), infrastructure automation and credential management (CMS) systems.
Implement and maintain automated certificate renewal programs; capture use‑cases for certificate revocation, enrollment & renewal processes.
Monitor creation of encryption keys to ensure protection against modification and unauthorized disclosure.
Define Trust Strategies and understand security and governance requirements for Certification Authorities.
Architect and manage internal PKI infrastructure including CA, RA, CRL, OCSP, and HSM integrations.
Design and implement certificate lifecycle automation using ACME protocols, scripting (e.g., PowerShell, Python), and enterprise CLM tools.
Install and manage certificates across platforms: Windows, Linux/Unix, Apache, Tomcat, Java Keystore, F5, Azure Key Vault.
Implement digital certificate policies aligned with X.509 standards and CA/Browser Forum baseline requirements.
Develop and maintain Certificate Policy and Certificate Practice Statements (CP/CPS).
Provide PKI support for application integrations, including TLS/SSL, S/MIME, 802.1x, Smartcards, and Code Signing.
Collaborate with IAM, Infrastructure, Security, and Application teams to integrate PKI into broader identity solutions.
Contribute to change management and documentation using ITSM tools (ServiceNow, Remedy).
Maintain high availability and disaster recovery readiness for PKI infrastructure.
Track and report on PKI service metrics, SLAs, KPIs, and KRIs to ensure operational excellence.
Develop and maintain SOPs, technical documentation, and training materials.
Preferred Skills
Strong technical knowledge of:
Enterprise PKI Operations
Cryptographic Algorithms (symmetric/asymmetric)
Digital Signatures
Strong understanding of:
Compliance
Auditing
Key Management
Microsoft certifications (e.g., Azure Security Engineer, MCSA).
Knowledge of CA/B Forum, RFC 5280, RFC 6960 (OCSP).
Familiarity with containerized environments and Kubernetes certificate management.
Experience with Active Directory Certificate Services, GlobalSign, Sectigo, DigiCert, Keyfactor, OpenSSL, or other certificate management platforms.
Understanding of OCSP, CA, RA, CRL, and BYOK configurations.
Comprehensive understanding of the PKI/HSM ecosystem, including technology, standards, implementations, and migration strategies.
Experience with developing scripts for administrative and automation tasks.
Collaborate with other IT and Operational teams to integrate PKI solutions with existing systems/applications.
Monitor and troubleshoot PKI related issues.
Assist and educate users/administrators with certificate enabled applications, such as SSL/TLS, S/MIME, Code Signing, Smartcard, 802.1x, EAP‑TLS, etc.
Drive technical discussions to understand digital certificate services requirements.
Maintain and enhance global solutions for the digital certificate area ensuring high availability and disaster recovery.
Knowledge of PKI Standards including X.509, CP/CPS, CA/Browser Forum Baseline Requirements.
Seniority Level Mid‑Senior level
Employment Type Contract
Job Function Information Technology
Industries IT Services and IT Consulting
Referrals increase your chances of interviewing at Experis by 2x
#J-18808-Ljbffr