PKI SME

Role Overview

We are looking for an experienced PKI SME (Level 3) to drive end-to-end PKI initiatives spanning assessment solution design and implementation. The role requires strong expertise in enterprise PKI certificate lifecycle management (CLM) automation and cloud integrations with a consulting mindset and customer-facing experience.

Key Responsibilities

1. Assessment & Discovery

• Perform PKI current-state assessments (architecture governance lifecycle processes)
• Evaluate internal CA (AD CS) public CA usage certificate inventory and key management practices
• Identify risks gaps and improvement areas and provide actionable recommendations

2. Architecture & Design

• Define target-state PKI architecture (on-prem cloud hybrid)
• Design PKI governance model policies standards and CPS
• Develop certificate lifecycle automation strategy and tooling roadmap
• Evaluate and recommend platforms (e.g. AppViewX Venafi Keyfactor)

3. Implementation & Integration

• Lead deployment of Root/Issuing CA CLM solutions and HSM integration
• Implement certificate issuance renewal revocation and automation workflows
• Integrate PKI with cloud platforms (Azure/AWS) IAM and DevOps pipelines

4. Governance & Compliance

• Define and enforce PKI policies standards and operating model
• Ensure alignment with industry regulations (HIPAA PCI-DSS SOX etc.)
• Support audit readiness and secure key management practices

Required Skills

• Strong experience in Microsoft AD CS (mandatory)
• Deep understanding of PKI concepts (X.509 CRL OCSP TLS/mTLS)
• Hands-on with certificate lifecycle management platforms
• Experience with HSMs and key management
• Exposure to Azure Key Vault / AWS certificate services
• Scripting skills (PowerShell/Python) for automation

Preferred Skills

• Experience with AppViewX / Venafi / Keyfactor / Akeyless
• Knowledge of Zero Trust and workload identity
• Experience in Healthcare regulated industry

Relevant certifications (CISSP CCSP Azure Security)