PKI Engineer, Mid

Working in a federal IT environment, this position integrates PKI capabilities with identity platforms, network security controls, applications, and cloud services, resolving complex certificate and trust issues across heterogeneous environments. The engineer develops and enforces PKI policies, technical standards, and operational procedures, collaborating with security stakeholders to ensure resilience, compliance, and audit-ready operation of the PKI., * Architect, deploy, and operate PKI infrastructures, including certificate authorities, registration authorities, and OCSP/CRL services across on-premises and cloud environments.

• Design and manage scalable certificate lifecycle processes (enrollment, distribution, renewal, revocation, and automation) for large fleets of endpoints, applications, and services.
• Integrate PKI with enterprise systems such as identity platforms, VPN and Wi-Fi authentication, TLS termination, secure email, and code signing, resolving complex interoperability and trust issues.
• Implement and administer PKI platforms and tooling (for example, AD CS, commercial or cloud PKI, HSM-backed key stores, or machine identity management solutions) with appropriate backup, monitoring, and high availability.
• Define and maintain certificate policies, certification practice statements, and PKI runbooks that align with organizational and regulatory security requirements.
• Lead troubleshooting of PKI and certificate-related incidents, including chain and trust failures, protocol misconfigurations, and key management issues, and drive durable remediation.
• Provide expert guidance to security, infrastructure, and application teams on cryptographic standards, key management, and secure PKI usage patterns., Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

• Bachelor's degree in IT, Computer Science, Cybersecurity, or a related field, or equivalent relevant experience.
• 4-7 years of experience in security engineering or infrastructure roles with primary responsibility for architecting and operating PKI and certificate management solutions.
• Deep understanding of PKI architectures, including CA hierarchies, trust models, OCSP/CRL mechanisms, and certificate lifecycle controls.
• Strong familiarity with cryptographic standards and protocols such as TLS, S/MIME, and code signing, and their secure configuration in enterprise environments.
• Hands-on experience with enterprise PKI platforms and associated tooling, including integration with identity and network security services.
• Strong analytical, problem-solving, and communication skills, with the ability to document designs, policies, and operational procedures clearly.
• Ability to obtain and maintain a SECRET security clearance, with U.S. citizenship required., * Experience designing and operating enterprise-grade PKI in regulated or government environments, including integration with hardware security modules and security monitoring tools.
• Advanced security or PKI-focused certifications (for example, CISSP or PKI-specific credentials) that validate expertise in cryptography and certificate management.
• Experience contributing to broader security architectures, policies, and best practices that rely on PKI., The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.