Linux PKI Enterprise Systems Engineer

About Us:

Leidos is a leader in IT Cybersecurity industry dedicated to providing secure and innovative solutions to our global client base. Our engineering team is paramount to our success ensuring the confidentiality integrity and availability of our systems and data. We are looking for a seasoned expert to join our team and take a leading role in shaping our PKI landscape.

Position Overview:

We are seeking a highly skilled and experienced Senior Linux PKI Engineer with experience in Linux and Windows Virtualization platforms to join our dynamic Engineering team. The ideal candidate will be a subject matter expert in Public Key Infrastructure with a strong background in Linux systems. This role is responsible for the design implementation and maintenance of our enterprise-wide PKI solutions. You will play a critical role in the security of our digital communications and transactions ensuring robust and reliable certificate management across our entire infrastructure. This role operates within large-scale geographically distributed environments supporting high-availability and mission-critical systems.

Key Responsibilities:

• Architect and Design: Lead the design and architecture of a scalable resilient and secure PKI infrastructure.
• Implementation and Management: Deploy configure and manage all aspects of the PKI environment including Certificate Authorities (CAs) Registration Authorities (RAs) and Hardware Security Modules (HSMs).
• Automation: Develop and maintain automation scripts (using Python Bash or similar) to streamline certificate lifecycle management including issuance renewal and revocation.
• Linux System Administration: Manage and maintain the underlying Linux-based systems hosting the PKI services ensuring high availability and performance.
• HSM Management: Administer and maintain Hardware Security Modules (HSMs) to ensure the security of cryptographic keys.
• Policy and Governance: Develop implement and enforce PKI policies standards and procedures.
• Compliance and Accreditation: Support RMF (Risk Management Framework) processes ensuring PKI systems align with STIG requirements security controls and accreditation standards. Assist with auditing activities and provide artifacts/evidence for system authorization.
• Troubleshooting: Serve as the highest level of escalation for complex PKI-related issues.
• Collaboration: Work closely with application network and other infrastructure teams to integrate PKI and provide certificate management solutions.
• Mentorship: Provide guidance and mentorship to junior engineers and other team members.
• Stay Current: Keep abreast of the latest PKI technologies standards and security threats to continually improve our security posture.

Basic Qualifications:

• Experience: 8 years of experience in IT with at least 5 years in a dedicated PKI engineering role.
• Education: Bachelors degree in Computer Science Information Security or a related field or equivalent work experience.
• PKI Expertise: In-depth knowledge of PKI concepts including X.509 certificate lifecycle management CRL OCSP and SCEP.
• Linux Proficiency: Extensive hands-on experience with Linux administration (RHEL CentOS or similar) including system hardening and performance tuning.
• Scripting Skills: Strong proficiency in at least one scripting language such as Python Bash or Perl for automation and integration.
• HSM Experience: Proven experience with managing and integrating Hardware Security Modules (e.g. Thales Entrust nCipher).
• PKI Platforms: Hands-on experience with enterprise-grade PKI platforms (e.g. EJBCA PrimeKey Venafi or Microsoft CA).
• Networking: Solid understanding of network protocols and security including TCP/IP TLS/SSL and SSH.
• Compliance Frameworks: Experience supporting RMF STIG implementation and security compliance in regulated or classified environments including participation in audits and accreditation processes.
• US citizenship and active DoD Secret clearance required.

Required Certifications:

• Certifications: Red Hat Certified Engineer (RHCE) or VMware Certified Professional (VCP) or An Advanced MS Server level certification.

Preferred Skills:

• Certifications: Professional certifications such as CISSP RHCE or specific PKI vendor certifications are highly desirable.
• DevOps: Familiarity with DevOps practices and tools (e.g. Ansible Puppet Chef Terraform).
• Containerization: Experience with container technologies like Docker and Kubernetes.
• Large-Scale Environments: Experience managing PKI in a large complex and geographically distributed enterprise environment.
• Enterprise Scale: Experience supporting PKI in large-scale geographically distributed environments with high-availability and mission-critical requirements.

If youre looking for comfort keep scrolling. At Leidos we outthink outbuild and outpace the status quo because the mission demands it. Were not hiring followers. Were recruiting the ones who disrupt provoke and refuse to fail. Step 10 is ancient history. Were already at step 30 and moving faster than anyone else dares.

Original Posting:

Pay Range:

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.