PKI Engineer, Senior
ASM
Austin, United States of America
14 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
Senior Compensation
$ 159KJob location
Austin, United States of America
Tech stack
API
User Authentication
Computer Security
Information Systems
Digital Signature
Hardware Security Module
Virtual Private Networks (VPN)
Information Systems Security Architecture Professional
Python
Key Management
Network Security
Multi-Purpose Internet Mail Extensions (MIME)
Public Key Infrastructure
Powershell
Zero Trust Network Access
Smart Cards
Wi-Fi Technology
Transport Layer Security
Cloud Platform System
System Availability
Software Security
Multi-Cloud
SC Clearance
Information Technology
Job description
- Architect and maintain enterprise PKI solutions, including certificate authorities, registration authorities, OCSP/CRL distribution, and hardware security modules, ensuring high availability and crypto-agility.
- Oversee end-to-end certificate lifecycle management for users, services, devices, and workloads, including automated issuance, renewal, revocation, and inventory across hybrid and multi-cloud environments.
- Design PKI trust models and integration patterns for TLS/SSL, S/MIME, code signing, VPN, Wi-Fi, and device authentication in support of zero-trust access and strong identity assurance.
- Implement and enforce PKI security policies, certificate policies, and certification practice statements, aligning configurations with applicable government and industry cryptographic standards.
- Build PowerShell or Python automation, APIs, and tooling to streamline PKI operations, monitoring, key rotation, and compliance reporting at enterprise scale.
- Lead incident response for certificate-related outages or compromises, including rapid revocation, re-issuance, key rotation, and coordination with security operations and incident response teams.
- Collaborate with identity, network, and application security architects to embed PKI requirements into new platforms and remediate legacy or non-compliant cryptographic implementations.
- Guide risk assessments and audits focused on cryptographic controls, producing remediation roadmaps to address algorithm deprecation, weak ciphers, and end-of-life PKI components., Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field, or equivalent relevant experience.
- 8+ years of experience in cybersecurity engineering or closely related roles, including at least 5 years focused on PKI architecture and operations.
- Strong background in cybersecurity, network security, and information systems, with deep understanding of standards-based security architectures, identity services, and device profiling.
- Demonstrated expertise with enterprise PKI platforms, certificate lifecycle management, hardware security modules, and related tooling across on-prem and cloud environments.
- Proficiency with automation and scripting (such as PowerShell or Python) to manage PKI operations, monitoring, and reporting at scale.
- Excellent problem-solving, analytical, communication, and interpersonal skills, with the ability to manage multiple initiatives and incident responses effectively.
- Ability to obtain and maintain a SECRET clearance; U.S. citizenship required.
- Less than 10% travel required., * Experience engineering PKI for large federal or defense environments, including integration with smart cards, PIV/CAC, and enterprise identity governance platforms.
- Professional certifications such as CISSP, CCSP, or vendor PKI/cryptography credentials demonstrating advanced knowledge of applied cryptography and key management.
- Experience leading cryptographic modernization programs (for example, algorithm migrations, key-length upgrades, or post-quantum-readiness initiatives).
- Familiarity with zero-trust architectures and how PKI enables strong device, user, and service identity within those models., The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.
