Senior PKI Solutions Engineer

About

Join our dynamic team as a Senior PKI Solutions Engineer, where you will design, implement, and manage cutting-edge enterprise Public Key Infrastructure services that provide secure authentication, encryption, and digital signatures for mission-critical systems. As a primary technical authority, you will play a pivotal role in certificate lifecycle management, key management, and trust architectures in both on-premises and cloud environments. Your expertise will help define PKI standards, policies, and integration patterns for diverse applications, devices, and identities, while leading modernization and automation initiatives for robust, scalable cryptographic services.

Key Responsibilities

• Architect and maintain robust enterprise PKI solutions, including certificate authorities, registration authorities, OCSP/CRL distribution, and hardware security modules, ensuring high availability and adaptability to evolving cryptographic standards.
• Manage end-to-end certificate lifecycle activities for users, services, devices, and workloads, incorporating automated issuance, renewal, revocation, and inventory management in hybrid and multi-cloud setups.
• Design comprehensive PKI trust models and integration methods for TLS/SSL, S/MIME, code signing, VPN, Wi-Fi, and device authentication, supporting zero-trust access and strong identity assurance.
• Implement effective PKI security and certificate policies in alignment with government and industry standards, ensuring compliance and security integrity.
• Develop automation scripts using PowerShell or Python along with APIs to enhance PKI operations, monitoring, key rotation, and compliance reporting across the enterprise.
• Lead incident response efforts for certificate-related issues, including swift revocation, re-issuance, key rotation, and coordinating with security operations teams.
• Collaborate with identity, network, and application security architects to ensure that PKI requirements are interwoven within new platforms, while updating or remediating any legacy systems.
• Conduct risk assessments and audits focused on cryptographic controls, creating remediation roadmaps to address vulnerabilities such as algorithm deprecation and weak ciphers.

Required Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience.
• A minimum of 8 years in cybersecurity engineering or a related field, with at least 5 years specializing in PKI architecture and operations.
• In-depth understanding of cybersecurity, network security, and information systems, particularly standards-based security architectures and identity services.
• Proven expertise with enterprise PKI platforms, certificate lifecycle management, and hardware security modules across both on-premises and cloud environments.
• Strong scripting and automation skills in PowerShell or Python for managing large-scale PKI operations and compliance.
• Exceptional problem-solving, analytical, and communication skills, with the ability to effectively manage multiple initiatives and incident responses.
• Must be able to obtain and maintain a SECRET clearance; U.S. citizenship required.
• Less than 10% travel may be required.

Preferred Qualifications

• Experience in engineering PKI solutions for large federal or defense environments, including smart card integration, PIV/CAC, and enterprise identity governance.
• Professional certifications such as CISSP, CCSP, or specialized vendor PKI/cryptography credentials signifying advanced knowledge in cryptography.
• Experience in leading cryptographic modernization initiatives like algorithm migrations or enhancing key lengths.
• Familiarity with zero-trust architectures and PKI's role in reinforcing identity assurance across devices and services.

Compensation Ranges

This position offers a compensation range that reflects various factors, including location, skill set, education, certifications, contract-specific affordability, government clearance level, and experience. The compensation mentioned is a guideline based on these factors.

EEO Requirements

ASM upholds equal employment opportunities and prohibits discrimination based on race, color, religion, sex, disability, age, sexual orientation, or national origin in the hiring, training, and promotion of staff.

Physical Requirements

This role may require performing physical tasks represented in the job responsibilities. Reasonable accommodations can be provided for qualified individuals with disabilities.

Disclaimer

This job description is intended to outline the primary functions and responsibilities of the role, without being exhaustive regarding every task and skill required.

Compensation

$139k - $159k