PKI Lead Engineer with Security Clearance

Essential Functions • Lead and execute strategic initiatives around PKI development, deployment, and maintenance to drive class-leading product and industry leading technology • Design and deploy infrastructure necessary to support PKI for Critical Infrastructure clients • Perform maintenance and support of Public Key Infrastructure (PKI) operations • Administer Certification Authority (CA) certificate lifecycles for various applications and solutions • Interface with clients to document Certificate Policy, and Certification Practice Statements based on client requirements • Understand a Certificate Practice Statement (CPS), including areas of design, deployment, validation, operational and Disaster Recovery/Business Continuity Planning (DR/BCP) • Design, test, and document Key Ceremony Scripts for PKI Key material creation • Assist in proactive monitoring, alerting, trend analysis for PKI and underlying infrastructure, and support the operations team in implementation • Assist in the development of analytics systems for monitoring and controlling PKI functionality in an enterprise network • Evaluate upgrades and new products & technologies for the enterprise PKI infrastructure including Post-Quantum Cryptography, supply chain traceability, device-level identities, SBOM and HBOM • Identify process improvements to reduce risk and improve operational efficiency including the use of AI in PKI operations • Strong verbal and written communication skills • Strong organizational skills and time management Qualifications • 5-10 years of work experience in PKI Operations/Engineering, Information Security, Cybersecurity and/or related IT operational functions, with a bachelor's degree or an advanced degree • Deep understanding of PKI policies and procedures (RFC5280, RFC3647, ITU-T X.509, ISO21188, etc.) • Deep understanding of PKI components; Certification Authority, Registration Authority, CRL, OCSP, and x509 Certificates Preferred Qualifications • Detailed familiarity with Internet protocols including, but not limited to TCP/IP, TLS, DNS, IPsec, OCSP, SCEP, and LDAP. • DoD 8570.01 IAT II (One of the following or higher (CySA, GICSP, GSEC, Security CE, CND, SSCP) and other comparative information security certifications are preferred

Location: Washington, District of Columbia, US

Posted Date: 11/6/2025