Sr. PKI Engineer

Join one of the largest and most advanced Cyber Security organizations in the financial industry as we build a modern, enterprise-wide PKI and certificate services infrastructure. We are expanding our Identity & Cryptography capabilities and are looking for a Senior* PKI Engineer* who brings deep expertise in Microsoft AD Certificate Services (ADCS) and largescale Active Directory integrations. If you thrive as a handson engineer, enjoy designing secure cryptographic architectures, and want to influence enterprise security modernization efforts, this role offers a highimpact opportunity. What You'll Do Architecture & Design

• Design and maintain enterprise PKI architectures including Root, Policy, and Issuing CAs (offline/airgapped roots, secure key ceremonies, governance workflows).

• Engineer certificate solutions for mTLS, 802.1X wired/wireless/VPN, device identity, BitLocker, code signing, S/MIME, and more.

• Define key sizes, algorithms (RSA, ECC, PQC), hashing methods, and certificate policies.

• Implement HSM-backed key storage and lead secure key ceremonies and DR planning. Operations & Automation

• Own end-to-end certificate lifecycle management: issuance, renewal, revocation, automation.

• Integrate PKI with Active Directory (forests/domains, GPOs, AIA/CDP locations).

• Manage CRL/OCSP distribution, monitoring, and high availability.

• Build automation (PowerShell, APIs, Intune, SCEP/NDES, ACME, MDM) for largescale enrollment.

• Drive CA backup, restore, upgrade, renewal, and migration strategies. Security & Compliance

• Apply strong key management standards (FIPS 1402/3), CA hardening, and rootlevel controls.

• Perform PKI risk assessments, template access reviews, and control testing.

• Lead incident response for PKIrelated outages or security issues.

• Maintain alignment with NIST, Microsoft baselines, CAB Forum, and regulatory frameworks (SOX, PCI, HIPAA, ISO 27001).

• 8+ years in security engineering/identity infrastructure; 5+ years handson with Microsoft ADCS.
• Proven experience deploying and operating multi-tier Microsoft PKI in large, complex enterprises.
• Deep knowledge of X.509, CRLs/OCSP, EKUs/KUs, SANs, RSA/ECC algorithms, SHA2, and certificate path validation.
• Strong PowerShell and Windows Server skills (GPOs, templates, autoenrollment).
• Experience with 802.1X/EAPTLS, TLS/mTLS, VPN authentication.
• Hands-on experience with HSMs (Entrust/nCipher/Thales).

Why This Role Matters This hire will play a key role in building a new ICA/PKI Infrastructure supporting enterprisewide Cyber Security Modernization efforts across GIS. You'll help shape foundational cryptographic services used across one of the largest financial organizations in the world. Why You'll Love It

• Work in one of the most respected Cyber Security organizations in the industry

• Drive modernization initiatives with major impact

• Complex, largescale environment where your PKI expertise truly matters Job Type & LocationThis is a Contract position based out of Charlotte, NC. Pay and BenefitsThe pay range for this position is $75.00 - $85.00/hr. Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:

• Medical, dental & vision

• Critical Illness, Accident, and Hospital

• 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available

• Life Insurance (Voluntary Life & AD&D for the employee and dependents)

• Short and long-term disability

• Health Spending Account (HSA)

• Transportation benefits

• Employee Assistance Program

• Time Off/Leave (PTO, Vacation or Sick Leave) Workplace TypeThis is a fully onsite position in Charlotte,NC.

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company. The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law. About TEKsystems and TEKsystems Global Services We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.