Lead PKI Engineer

SecureG Job Description – Sr/Lead PKI Engineering

My direct client provides software-based cybersecurity solutions for networks that operate critical infrastructure including Department of Defense, financial, renewable energy, and telecommunications. My clients product offering is based on Public Key Infrastructure (PKI), which serves as the means for authentication and encryption of data in a network.

This position is for the Lead of PKI Engineering who will design, document, and implement PKI architectures while serving as a thought leader in PKI development. Maintains, documents, and supports Public Key Infrastructure (PKI), Key Management Systems (KMS) and Hardware Security Modules (HSM). Will participate and follow key standards organizations to provide guidance to the CTO for PKI roadmap generation. Serves as the SME for PKI in partner, vendor, and customer interactions.

Essential Functions

·        Lead and execute strategic initiatives around PKI development, deployment, and maintenance to drive class-leading product and industry leading technology

·        Design and deploy infrastructure necessary to support PKI for Critical Infrastructure clients

·        Perform maintenance and support of Public Key Infrastructure (PKI) operations

·        Administer Certification Authority (CA) certificate lifecycles for various applications and solutions

·        Interface with clients to document Certificate Policy, and Certification Practice Statements based on client requirements

·        Understand a Certificate Practice Statement (CPS), including areas of design, deployment, validation, operational and Disaster Recovery/Business Continuity Planning (DR/BCP)

·        Design, test, and document Key Ceremony Scripts for PKI Key material creation

·        Assist in proactive monitoring, alerting, trend analysis for PKI and underlying infrastructure, and support the operations team in implementation 

·        Assist in the development of analytics systems for monitoring and controlling PKI functionality in an enterprise network

·        Evaluate upgrades and new products & technologies for the enterprise PKI infrastructure including Post-Quantum Cryptography, supply chain traceability, device-level identities, SBOM and HBOM

·        Identify process improvements to reduce risk and improve operational efficiency including the use of AI in PKI operations

·        Strong verbal and written communication skills

·        Strong organizational skills and time management

Qualifications
Basic Qualifications

·        5-10 years of work experience in PKI Operations/Engineering, Information Security, Cybersecurity and/or related IT operational functions, with a bachelor’s degree or an advanced degree

·        Deep understanding of PKI policies and procedures (RFC5280, RFC3647, ITU-T X.509, ISO21188, etc.)

·        Deep understanding of PKI components; Certification Authority, Registration Authority, CRL, OCSP, and x509 Certificates

Preferred Qualifications

·        Detailed familiarity with Internet protocols including, but not limited to TCP/IP, TLS, DNS, IPsec, OCSP, SCEP, and LDAP.

·        DoD 8570.01 IAT II (One of the following or higher (CySA , GICSP, GSEC, Security CE, CND, SSCP) and other comparative information security certifications are preferred