Senior PKI Engineer / SME

About CCS Global Tech

CCS Global Tech is a rapidly growing Information Technology company with a diverse portfolio of technology products and services and a large network of industry partnerships. With over 22 years of being a successful business with a global talent pool and presence, CCS is a certified Microsoft Gold Partner and specializes in delivering expert Microsoft based solutions for technical and business needs. We have been recognized by Inc. 500 Magazine as one of the fastest growing small companies in the Unites States.

We are a Tier 1 vendor for the City and County of San Francisco for Cloud Services, Staffing Services and Training Services. For this multi-year opportunity with a diverse set of needs to address, we are currently focusing on establishing partnerships with individuals as well as companies who can help us enhance our overall service portfolio, cut lead times, and ultimately help us deliver successfully. We currently hold sizable Government accounts in the San Francisco bay area including City and County of San Francisco, San Mateo County, and Santa Clara County.

We take great pride in our global reach and local influence. Your experience alongside our highly skilled and talented internal team who guide you along the way, offers key insights into what helps you stand out in a competitive job market.

If you are a partner company, please submit resumes with contact information of your own W2 Consultants only. Submitted consultants are expected to have excellent communication skills.

Senior PKI Engineer / SME

TS/SCI (active required)

Joint Base Anacostia-Bolling (JBAB)

$180K $205K

What This Job Feels Like

• Work centers on designing and maintaining trust models that other systems depend on, often with little margin for error.
• Problems are rarely straightforward-solutions must account for vendor constraints, security requirements, and interoperability edge cases.
• Ownership of PKI architecture and implementation from policy design through operational support.
• High OPTEMPO; requires precision, persistence, and disciplined follow-through.

What You'll Do

• Design and manage PKI architectures, including root/intermediate hierarchies, chains of trust, and certificate lifecycle processes.
• Create and maintain segmented trust models (organizational partitions, cross-domain trust, constrained intermediates).
• Generate and support certificates for diverse use cases, including handling vendor-specific constraints and non-standard requirements (e.g., wildcard usage, SAN configurations, custom extensions).
• Troubleshoot certificate validation issues across systems, applications, and network boundaries.
• Collaborate with systems, network, and application teams to ensure certificates function correctly within their environments.
• Define and enforce certificate policies, revocation strategies (CRL/OCSP), and security controls.
• Mentor engineers on PKI fundamentals and correct implementation practices.

Tech Knowledge / Skills

• PKI fundamentals: X.509, certificate chains, trust stores, key management
• Microsoft CA, OpenSSL, and other PKI tooling
• TLS/SSL, mutual authentication, certificate-based access control
• CRL, OCSP, revocation and lifecycle management
• Integration points: web servers, load balancers, applications, network devices

Requirements

• 8+ years experience in PKI, security engineering, or related systems roles in secure/cleared environments
• Active TS; must be able to obtain TS/SCI
• Professional certification required; expert-level capability preferred
• Demonstrated ability to design and troubleshoot PKI systems across multiple platforms and vendors
• Experience with complex trust models and real-world certificate interoperability challenges

Location

On-site at Joint Base Anacostia-Bolling (JBAB)