Lead Engineer for Public Key Infrastructure

The Lead Engineer for Public Key Infrastructure (PKI) serves as the principal technical authority responsible for designing, implementing, and maintaining robust enterprise PKI services that facilitate secure authentication, encryption, and digital signatures across the organization’s IT landscape. This pivotal role oversees the lifecycle of digital certificates and cryptographic keys, ensuring resilient, compliant, and well-governed PKI capabilities that safeguard sensitive data and support critical access control mechanisms. Key Responsibilities Direct the design, implementation, and ongoing management of enterprise PKI infrastructures, encompassing root and subordinate certificate authorities, registration authorities, as well as relevant hardware and software components. Oversee the complete lifecycle of digital certificates and cryptographic keys for users, devices, applications, and services, ensuring issuance, renewal, suspension, and revocation processes are supported by strong controls and automation. Formulate, document, and enforce PKI policies, certification practice statements, standards, and procedures that align with enterprise security protocols and regulatory mandates. Integrate PKI services with identity and access management platforms, directory services, network security frameworks, and secure application architectures to facilitate robust authentication and encryption. Continuously monitor, audit, and evaluate the health and compliance of the PKI infrastructure, conducting regular reviews, root cause analyses, and necessary remediation to ensure high availability and integrity. Lead the selection and implementation of PKI-related tools, including solutions for certificate discovery, management, and automation, while recommending enhancements to reinforce cryptographic services. Collaborate with security operations and application teams to analyze and respond to PKI-related incidents, vulnerabilities, and findings, including supporting penetration testing and secure coding initiatives. Provide expert guidance, training, and mentorship to engineers and developers on best practices for PKI usage, certificate management, and secure cryptographic design within enterprise environments. Required Qualifications Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a similar technical discipline, or equivalent relevant experience. A minimum of 8 years of professional experience in cybersecurity, security engineering, or network security roles, with considerable hands-on experience in PKI or cryptographic services. Proven experience in designing, implementing, and managing enterprise PKI solutions, including certificate authorities, key management, and certificate lifecycle processes. Strong understanding of authentication, authorization, and encryption concepts, including TLS, digital signatures, certificate-based access control, and relevant standards such as X.509, OCSP, and CRL. Eligibility to obtain and maintain a Public Trust investigation, with US citizenship required to meet federal client specifications. Proficiency in Unix/Linux or similar operating systems, as well as enterprise infrastructure environments that host PKI and security services. Current secret security clearance is mandatory. Preferred Qualifications Advanced cybersecurity certifications such as CISSP, CISM, CISA, or CRISC, illustrating comprehensive expertise in security architecture and governance. Experience integrating PKI with identity and access management platforms, federated identity standards (like SAML), and role-based access control frameworks in large enterprises. Background in supporting PKI and cryptographic services within complex federal or highly regulated IT environments that necessitate strict compliance. Hands-on experience with certificate discovery and management tools, hardware security modules, and automation frameworks for large-scale certificate deployments. Familiarity with secure software development practices, application security testing, and addressing cryptographic vulnerabilities across web and service architectures. Prior experience in leading small technical teams or acting as a subject matter expert on enterprise security initiatives. Job-Specific Skills Enterprise PKI Architecture -- Capable of designing and documenting scalable PKI architectures, including root hierarchy, trust models, and integration with enterprise systems. Certificate Lifecycle Management -- Establishes and executes repeatable processes and automation for the issuance, renewal, and revocation of certificates across diverse identities and workloads. Cryptographic Standards Expertise -- Applies industry cryptographic standards and algorithms to ensure the implementation of strong encryption, signing, and key management practices in enterprise solutions. Policy and Governance Development -- Authors and maintains PKI policies, standards, and certification practice statements aligned with organizational risk and compliance requirements. Security Integration Engineering -- Integrates PKI with identity, access management, network devices, and applications to enable secure, certificate-based controls. PKI Monitoring and Audit -- Implements monitoring, logging, and auditing processes that provide visibility into PKI operations, supporting both internal and external evaluations. Incident Response for PKI -- Leads investigations and resolves PKI-related incidents, including mis-issued certificates, key compromises, and cryptographic vulnerabilities. Automation and Tooling -- Utilizes scripting, configuration management, and PKI toolsets to streamline processes for certificate issuance, enrollment, and inventory management. Cross Functional Collaboration -- Works closely with security, infrastructure, application, and operations teams to synchronize PKI capabilities with enterprise objectives and constraints. Technical Mentorship -- Coaches junior engineers and developers on PKI concepts, secure implementation practices, and operational best practices to enhance team skills. Preferred Skills Experience engineering PKI solutions in both hybrid cloud and on-premises environments, including integration with leading cloud providers' identity and key management services. Advanced scripting or automation capabilities (such as PowerShell, Python, or similar) to integrate PKI workflows with enterprise tools and CI/CD pipelines. Familiarity with certificate-based network access control, VPN, and device authentication architectures in large, distributed environments. Experience conducting PKI-focused security assessments, including configuration reviews and evaluations of key protection measures, as well as preparation for external compliance audits. Compensation Ranges Compensation for this position varies based on several factors, including location, skill set, education level, certifications, client requirements, specific contract affordability, clearance level, and years of experience. The displayed compensation for this role serves as a general guideline tailored to individual circumstances. Salary is one aspect of ASM's broader compensation and benefits package for employees. EEO Requirements ASM commits to ensuring that race, color, religion, sex, disability, age, gender identity, veteran status, sexual orientation, or national origin do not influence personnel or management decisions. We uphold our dedication to these essential policies. All recruitment, hiring, training, and promotion activities for every job classification are conducted without discrimination. Personnel decisions are made in accordance with the principle of equal employment. Physical Requirements Physical capabilities necessary for this role include the ability to fulfill essential job functions effectively. Reasonable accommodations can be provided for individuals with qualifying disabilities who meet the job requirements. Disclaimer This job description highlights the general nature and level of work performed by employees in this classification. It is not intended to provide an exhaustive list of responsibilities, duties, and qualifications required of employees assigned to this job. $122,900 - 150,000

Created: 2026-03-13