PKI Senior Security Engineer

The Cigna Group, Bloomfield, CT

About The Position

Bring your expertise in Public Key Infrastructure (PKI) to help secure and enable enterprise-scale platforms. In this role, you will design, operate, and continuously improve certificate and key management services that protect critical systems and applications. You will partner closely with cybersecurity, infrastructure, and application teams to deliver resilient, compliant, and automated certificate solutions while providing hands-on production support in a dynamic, high-availability environment.

Requirements

  • Minimum of 2 years of hands-on experience supporting PKI technologies, including certificate lifecycle management and reporting.
  • Minimum of 4 years of Linux/UNIX systems administration experience, including package management and command-line troubleshooting.
  • Minimum of 4 years of scripting or automation experience using tools such as Ansible, Bash, PowerShell, or Python.
  • Strong working knowledge of PKI concepts, including SSL/TLS, certificate authorities, public/private key cryptography, CRLs, and trust stores.
  • Experience supporting Microsoft ADCS components such as CEP/CES and NDES.
  • Proficiency administering certificates across both UNIX/Linux and Windows environments.
  • Working knowledge of TCP/IP networking concepts and common infrastructure components, including DNS, firewalls, load balancers (such as F5), and routing.
  • Hands-on experience using certificate and cryptographic tools such as OpenSSL, Java Keytool, Keystore Explorer, and PuTTY.
  • Strong organizational and prioritization skills, with the ability to manage multiple certificates and initiatives simultaneously.
  • Demonstrated ability to work independently in complex, large-scale, multi-platform environments while collaborating effectively across teams.
  • Proven problem-solving skills with strong attention to detail and a customer-focused mindset.
  • Excellent verbal and written communication skills, with the ability to explain technical concepts to diverse audiences.

Nice To Haves

  • Bachelor’s degree in Information Systems, Computer Science, or a related field.
  • Experience with Venafi, DigiCert, Sectigo or similar certificate management and CA platforms.
  • Security-related industry certification.
  • Experience configuring and troubleshooting web, application, and middleware technologies.
  • Familiarity with healthcare or PBM industry environments.

Responsibilities

  • Architect, deploy, and operate enterprise PKI solutions, with a primary focus on Microsoft Active Directory Certificate Services (ADCS), ensuring secure identity, encryption, and trust services across the organization.
  • Manage certificate lifecycle automation and policy enforcement using Venafi, improving reliability, visibility, and compliance across platforms.
  • Administer and support Hardware Security Modules (HSMs), including Luna and nCipher, to protect cryptographic keys and sensitive operations.
  • Develop, maintain, and enforce certificate standards, policies, and governance frameworks aligned to organizational and regulatory requirements.
  • Provide deep technical leadership during certificate-related incidents, serving as an escalation point to troubleshoot and restore production services within established service level agreements.
  • Partner with application owners, UNIX and Windows administrators, network teams, and external Certificate Authorities to design and implement secure certificate solutions.
  • Govern external Certificate Authorities such as DigiCert and Sectigo, ensuring proper usage, lifecycle management, and compliance.
  • Execute and support critical PKI operational activities, including scheduled change windows, annual CRL publishing, and root key ceremonies.
  • Ensure PKI services meet regulatory and security standards, including FIPS and NIST guidance.
  • Contribute to PKI and certificate management product roadmaps, identifying opportunities for automation, modernization, and risk reduction.
  • Track and report operational health and progress using clear, data-driven metrics.
  • Participate in an on-call rotation, including after-hours change implementation, to support 24x7 enterprise environments.