We are looking for an experienced PKI Engineer to join a global technology organization supporting enterprise-scale security and infrastructure solutions. You’ll play a key role in designing, securing, and operating Public Key Infrastructure services used across complex, distributed environments.
responsibilities :
Lead and evolve the infrastructure protection and PKI security strategy
Design, implement, and operate enterprise PKI solutions, including internal/external CAs, HSMs, and certificate lifecycle management platforms
Architect and manage PKI components: CA, RA, CRL, OCSP, and HSM integrations
Implement and maintain automated certificate enrollment, renewal, and revocation
Design certificate lifecycle automation using ACME, scripting (PowerShell, Python), and enterprise CLM tools
Install and manage certificates across Windows, Linux/Unix, Apache, Tomcat, Java Keystore, F5, Azure Key Vault
Define trust models and certificate policies aligned with X.509 and CA/Browser Forum requirements
Develop and maintain CP/CPS documentation
Support application integrations: TLS/SSL, S/MIME, 802.1x, Smartcards, Code Signing
Collaborate with IAM, Security, Infrastructure, and Application teams
Ensure high availability, disaster recovery, and operational excellence of PKI services
Track and report SLAs, KPIs, KRIs, and maintain technical documentation and SOPs
Support change management using ITSM tools (ServiceNow, Remedy)
requirements-expected :
Strong expertise in enterprise PKI operations, cryptography (symmetric/asymmetric), and key management
Deep understanding of PKI standards: X.509, CP/CPS, CA/B Forum Baseline Requirements
Knowledge of RFC 5280, RFC 6960 (OCSP)
Experience with ADCS, DigiCert, Sectigo, GlobalSign, Keyfactor, OpenSSL
Strong understanding of HSMs, BYOK configurations, OCSP, CRL, CA/RA concepts
Experience with certificate automation and scripting
Familiarity with containerized environments and Kubernetes certificate management
Microsoft security certifications (e.g. Azure Security Engineer, MCSA) are a plus
Ability to troubleshoot PKI-related issues and support certificate-enabled applications
Strong communication skills and ability to drive technical discussions
