Public Key Infrastructure (PKI) Engineer

Public Key Infrastructure (PKI) Engineer

2025-12-02 - 2026-01-01

Temp

CPT003338

Information Technology

Our client, a leading international organization, is looking for an experienced PKI Engineer to lead their infrastructure protection strategy and drive enterprise-grade security solutions.

Join a forward-thinking security team where you'll architect, implement, and operate critical PKI infrastructure that protects organizational assets and enables secure digital operations across cloud and on-premises environments.

Strategic Leadership

• Lead infrastructure protection strategy for internal PKI and credential management security
• Design and implement enterprise-grade PKI solutions including Certificate Authorities, HSMs, and certificate lifecycle management platforms
• Define trust strategies and governance requirements for Certification Authorities
• Prepare PKI infrastructure for future post-quantum cryptography migration

Technical Implementation

• Architect and manage internal PKI infrastructure (CA, RA, CRL, OCSP, HSM integrations)
• Design certificate lifecycle automation using ACME protocols, PowerShell, Python, and enterprise CLM tools
• Install and manage certificates across diverse platforms: Windows, Linux/Unix, Apache, Tomcat, Java Keystore, F5, Azure Key Vault
• Implement automated certificate renewal programs and manage revocation, enrollment, and renewal processes

Operations & Collaboration

• Provide PKI support for application integrations including TLS/SSL, S/MIME, 802.1x, Smartcards, and Code Signing
• Collaborate with IAM, Infrastructure, Security, and Application teams on integrated identity solutions
• Monitor and troubleshoot PKI-related issues while maintaining high availability and disaster recovery readiness
• Develop Certificate Policy and Certificate Practice Statements (CP/CPS) aligned with industry standards

Must-Have Qualifications

• Proven hands-on experience implementing PKI solutions in production environments
• Solid understanding of PKI architecture and its core components
• Experience working with cloud platforms, particularly Azure
• Knowledge of Identity and Access Management (IAM), Multi-Factor Authentication (MFA), and Single Sign-On (SSO)
• Previous project leadership experience, specifically in PKI initiatives

Technical Expertise Required

• Strong knowledge of enterprise PKI operations, cryptographic algorithms (symmetric/asymmetric), digital signatures, compliance, auditing, and key management
• Experience with certificate management platforms: Active Directory Certificate Services, GlobalSign, Sectigo, DigiCert, Keyfactor, or OpenSSL
• Understanding of OCSP, CA, RA, CRL, and BYOK configurations
• Comprehensive knowledge of PKI/HSM ecosystem including technology, standards, implementations, and migration strategies
• Proficiency with scripting for administrative automation and infrastructure-as-code approaches

Certifications & Standards Knowledge

• Microsoft certifications (Azure Security Engineer, MCSA, or equivalent)
• Knowledge of PKI standards: X.509, CP/CPS, CA/Browser Forum Baseline Requirements
• Familiarity with CA/B Forum, RFC 5280, RFC 6960 (OCSP)
• Experience with containerized environments and Kubernetes certificate management

Start date is as soon as possible with a contract period of possible 2 years.

Working hours will be from 16h00 to 00h00 as you need to operate in New York time zone.

Please note that only shortlisted candidates will be contacted