PKI Engineer, Mid

The PKI Engineer, Mid designs, implements, and maintains enterprise public key infrastructure services that underpin secure authentication, encryption, and digital signatures for missionu2011critical systems. The role owns certificate lifecycle management processes, ensuring robust issuance, renewal, revocation, and automation patterns for user, device, application, and service identities. Working in a federal IT environment, this position integrates PKI capabilities with identity platforms, network security controls, applications, and cloud services, resolving complex certificate and trust issues across heterogeneous environments. The engineer develops and enforces PKI policies, technical standards, and operational procedures, collaborating with security stakeholders to ensure resilience, compliance, and auditu2011ready operation of the PKI. Key Responsibilities + Architect, deploy, and operate PKI infrastructures, including certificate authorities, registration authorities, and OCSP/CRL services across onu2011premises and cloud environments. + Design and manage scalable certificate lifecycle processes (enrollment, distribution, renewal, revocation, and automation) for large fleets of endpoints, applications, and services. + Integrate PKI with enterprise systems such as identity platforms, VPN and Wiu2011Fi authentication, TLS termination, secure email, and code signing, resolving complex interoperability and trust issues. + Implement and administer PKI platforms and tooling (for example, AD CS, commercial or cloud PKI, HSMu2011backed key stores, or machine identity management solutions) with appropriate backup, monitoring, and high availability. + Define and maintain certificate policies, certification practice statements, and PKI runbooks that align with organizational and regulatory security requirements. + Lead troubleshooting of PKI and certificateu2011related incidents, including chain and trust failures, protocol misconfigurations, and key management issues, and drive durable remediation. + Provide expert guidance to security, infrastructure, and application teams on cryptographic standards, key management, and secure PKI usage patterns. Required Qualifications + Bacheloru2019s degree in IT, Computer Science, Cybersecurity, or a related field, or equivalent relevant experience. + 4u20137 years of experience in security engineering or infrastructure roles with primary responsibility for architecting and operating PKI and certificate management solutions. + Deep understanding of PKI architectures, including CA hierarchies, trust models, OCSP/CRL mechanisms, and certificate lifecycle controls. + Strong familiarity with cryptographic standards and protocols such as TLS, S/MIME, and code signing, and their secure configuration in enterprise environments. + Handsu2011on experience with enterprise PKI platforms and associated tooling, including integration with identity and network security services. + Strong analytical, problemu2011solving, and communication skills, with the ability to document designs, policies, and operational procedures clearly. + Ability to obtain and maintain a SECRET security clearance, with U.S. citizenship required. Preferred Qualifications + Experience designing and operating enterpriseu2011grade PKI in regulated or government environments, including integration with hardware security modules and security monitoring tools. + Advanced security or PKIu2011focused certifications (for example, CISSP or PKIu2011specific credentials) that validate expertise in cryptography and certificate management. + Experience contributing to broader security architectures, policies, and best practices that rely on PKI. Compensation Ranges Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees. EEO Requirements It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies. All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment. Physical Requirements The physical requirements described in

Created: 2026-04-22