Senior PKI Engineer

99999 Consulting Llc
Washington, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 250K

Job location

Washington, United States of America

Tech stack

Web Servers
Networking Hardware
Key Management
OpenSSL
Public Key Infrastructure
X.509
Transport Layer Security
Load Balancing

Job description

  • Work centers on designing and maintaining trust models that other systems depend on, often with little margin for error.
  • Problems are rarely straightforward-solutions must account for vendor constraints, security requirements, and interoperability edge cases.
  • Ownership of PKI architecture and implementation from policy design through operational support.
  • High OPTEMPO; requires precision, persistence, and disciplined follow-through.

What You'll Do

  • Design and manage PKI architectures, including root/intermediate hierarchies, chains of trust, and certificate lifecycle processes.
  • Create and maintain segmented trust models (organizational partitions, cross-domain trust, constrained intermediates).
  • Generate and support certificates for diverse use cases, including handling vendor-specific constraints and non-standard requirements (e.g., wildcard usage, SAN configurations, custom extensions).
  • Troubleshoot certificate validation issues across systems, applications, and network boundaries.
  • Collaborate with systems, network, and application teams to ensure certificates function correctly within their environments.
  • Define and enforce certificate policies, revocation strategies (CRL/OCSP), and security controls.
  • Mentor engineers on PKI fundamentals and correct implementation practices.

Tech Knowledge / Skills

  • PKI fundamentals: X.509, certificate chains, trust stores, key management
  • Microsoft CA, OpenSSL, and other PKI tooling
  • TLS/SSL, mutual authentication, certificate-based access control
  • CRL, OCSP, revocation and lifecycle management
  • Integration points: web servers, load balancers, applications, network devices

Requirements

  • 8+ years experience in PKI, security engineering, or related systems roles in secure/cleared environments
  • Active TS; must be able to obtain TS/SCI
  • Professional certification required; expert-level capability preferred
  • Demonstrated ability to design and troubleshoot PKI systems across multiple platforms and vendors
  • Experience with complex trust models and real-world certificate interoperability challenges
  • DoD 8140 compliance required

Benefits & conditions

Pulled from the full job description

  • 401(k)
  • Health insurance
  • Retirement plan
  • 401(k) matching
  • Paid time off
  • Vision insurance
  • Dental insurance, * The likely salary range for this position is $140,000-$250,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, and contractual agreements and could fall outside of this range.

Pay: $140,000.00 - $250,000.00 per year, * 401(k)

  • 401(k) matching
  • Dental insurance
  • Flexible spending account
  • Health insurance
  • Life insurance
  • Paid time off
  • Retirement plan
  • Vision insurance

Security clearance:

  • Top Secret (Required)

Apply for this position