Sr. PKI Engineer

Description PKI Engineer to design, implement, and operate enterprise-grade Public Key Infrastructure (PKI) services with a strong focus on Microsoft Active Directory Certificate Services (AD CS) and Active Directory (AD) integration. Handson implementation and integration knowledge of certificate lifecycle management, CA hierarchy governance, enrollment automation, HSM-backed key protection, CA backup restore, migration and integration with platforms such as Windows Server, Linux, network/security devices, cloud providers, MDM/EPP, and zero-trust tooling. Subject matter expert for cryptographic standards, certificate-based authentication, and PKI security controls across the organization. Required experience: 1. ADCS (Active Directory Certificate Services) 2. Integrate PKI with Active Directory (AD forests/domains, ADCS, AIA/CDP locations, GPOs) 3. Deploy, Configure, Implement, Install, Architecture & Design u2022 Design and maintain enterprise PKI architectures (Root CA, Policy CA, Issuing CA) with offline/air gapped roots, secure key ceremonies, key usage, and issuance workflows and robust CRL/OCSP distribution. u2022 Engineer solutions for mutual TLS, 802.1X (wired/wireless/VPN), device identity, code signing, S/MIME, BitLocker, and disk/volume encryption certs. u2022 Key sizes, algorithms (RSA, ECC and PQC) encryption and hashing. u2022 Implement HSM-backed key storage for CAs and code signing; lead key ceremonies, disaster recovery designs. Operations & Automation u2022 Own certificate lifecycle management (issuance, renewal, revocation) including automation via Intune, GPO/Autoenrollment, SCEP/NDES, ACME, or MDM connectors. u2022 Manage CRL/OCSP publication, monitoring, and availability, design highly available, geo-distributed revocation endpoints. u2022 Implement scripting/automation (PowerShell, APIs) for bulk issuance, inventory, renewal, and drift detection. Enabling separation of duties for secure operation of PKI infrastructure u2022 CA backup, restore renewal and migration strategy Security & Compliance u2022 Apply strong key management practices (FIPS 140-2/140-3), certificate assurance levels, and secure CA hardening baselines. u2022 Regularly perform PKI risk assessments, access reviews, and control testing (e.g., template permissions, EKU misuse, issuance constraints). u2022 Lead root cause analysis and incident response for certificate/PKI-related outages or security events. u2022 Maintain alignment with NIST, CAB Forum, Microsoft Security Baselines, and internal compliance frameworks (e.g., SOX, PCI, HIPAA, ISO 27001) as applicable. Skills ADCS, Active Directory Certification Services, PKI, Automation, Active directory Top Skills Details ADCS,Active Directory Certification Services,PKI Additional Skills & Qualifications Minimum Qualifications u2022 8+ years in Security Engineering/Identity Infrastructure, including 5+ years hands-on with Microsoft AD CS and enterprise Active Directory with managing CA infra u2022 Proven experience designing, deploying, and operating multi-tier Microsoft PKI (offline root, issuing CAs) in large/complex environments. u2022 Deep knowledge of X.509, CRL/OCSP, EKU/KU, SANs, key algorithms and sizes (RSA/ECC), hashing (SHA-2), and certificate validation paths. u2022 Strong PowerShell and Windows Server administration; GPOs, autoenrollment, templates, AIA/CDP configuration. u2022 Experience with 802.1X/EAP-TLS, TLS/mTLS, VPN auth, and device/user certificate issuance at scale. u2022 HSM experience (e.g., nCipher/Entrust/Thales) for CA key management. Experience Level Intermediate Level Job Type & Location This is a Contract position based out of Charlotte, NC. Pay and Benefits The pay range for this position is $75.00 - $85.00/hr. Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: u2022 Medical, dental & vision u2022 Critical Illness, Accident, and Hospital u2022 401(k) Retirement Plan u2013 Pre-tax and Roth post-tax contributions available u2022 Life Insurance (Voluntary Life & AD&D for the employee and dependents) u2022 Short and long-term disability u2022 Health Spending Account (HSA) u2022 Transportation benefits u2022 Employee Assistance Program u2022 Time Off/Leave (PTO, Vacation or Sick Leave) Workplace Type This is a fully onsite position in Charlotte,NC. Application Deadline This position is anticipated to close on Mar 10, 2026. h4>About TEKsystems: We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company. The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law. About TEKsystems and TEKsystems Global Services Weu2019re a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. Weu2019re a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. Weu2019re strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. Weu2019re building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at . The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

Created: 2026-02-26