Experienced Public Key Infrastructure Architect Engineer

DXC Experienced Public Key Infrastructure (PKI) Engineer — The DXC Experienced PKI Engineer leads the design, architecture, and strategic implementation of PKI solutions. This role is responsible for developing secure, scalable, and compliant PKI architectures while overseeing complex troubleshooting, security risk mitigation, and integration with enterprise security frameworks.

• Design and architect enterprise-grade PKI solutions tailored to business security needs.

• Define PKI strategy and governance, ensuring compliance with industry standards and regulations.

• Lead certificate lifecycle management strategies, including automation, scalability, and security best practices.

• Develop cryptographic solutions to secure enterprise data and applications.

• Perform advanced troubleshooting of PKI-related security incidents, authentication failures, and cryptographic key management issues.

• Guide and mentor PKI engineers, providing expertise in deployment, security hardening, and optimization.

• Collaborate with security architects, IAM teams, and cloud security engineers to integrate PKI with identity management frameworks.

• Conduct risk assessments and PKI security audits, implementing corrective actions as needed.

• Research and evaluate emerging PKI technologies to enhance security operations and future-proof infrastructure.

• Bachelor's degree in Information Assurance, Computer Science, Cybersecurity, Information Systems, or a related field, or an equivalent combination of education and experience.

• Minimum 5+ years of experience in an engineering role with progressively complex responsibilities, including project management, engineering remediation, and strategic planning.

• Expertise in Public Key Infrastructure (PKI) implementation and management.

• Strong authentication and multi-factor authentication (MFA) technologies.

• Expertise in Code Signing solutions, including the implementation, management, and security of code signing certificates to ensure software integrity and authenticity. Experience with certificate-based digital signatures, hashing algorithms, and best practices for protecting private keys, including the use of Hardware Security Modules (HSMs) for secure key storage. Understanding of enterprise-wide code signing policies, automation of certificate issuance and renewal, and integration with DevSecOps pipelines to enforce secure software development practices

• Expertise in cryptographic services and data protection methodologies, including the design, implementation, and management of encryption solutions to safeguard sensitive data at rest, in transit, and in use. Strong understanding of symmetric and asymmetric encryption algorithms (AES, RSA, ECC), key management best practices, and secure cryptographic storage using Hardware Security Modules (HSMs).

• Industry-recognized security certification required, such as CISSP, SSCP, CISM, SANS GSEC, ECSA, ECSP, or Security+.

• Advanced knowledge of Microsoft PKI, OCSP, HSMs, KeyFactor, and Venafi software services.

• Expertise in SSL certificate management, including concepts, processes, and solution implementation.

• Expert-level experience in Microsoft Certificate Management Services and Active Directory Domain Services.

• Extensive experience in PKI implementation and certificate lifecycle management.

• Cloud-based PKI solution development with Azure or AWS architectures.

• Strong understanding of digital certificate lifecycle management, including different certificate types and use cases.

• Broad knowledge of PKI vendors and available technical solutions in the market.

• Experience with cryptographic protocols, services, and industry standards.

• Ability to gather, refine, and analyze business requirements to develop innovative security solutions.

• Exceptional communication skills, both written and verbal.

• Strong leadership, consultative questioning, and influence management skills.

• Ability to manage professional relationships, present data-driven recommendations, and drive engineering decisions that align with business objectives

DXC is an equal opportunity employer. We welcome the many dimensions of diversity. Accommodation of special needs for qualified candidates may be considered within the framework of the DXC Accommodation Policy.

In addition, DXC Technology is committed to working with and providing reasonable accommodation to qualified individuals with physical and mental disabilities. If you need assistance in filling out the employment application or require a reasonable accommodation while seeking employment, please e-mail AODA Canada Requests.

Note: This option is reserved for applicants needing a reasonable accommodation related to a disability.

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf.More information on employment scams is available here.