Job Description
Everforth ECS is seeking a Senior Public Key Infrastructure (PKI) Engineer to work in our Fairfax, VA office in a hybrid onsite/remote capacity.
The Senior PKI Engineer will be responsible for the architecture, implementation, administration, automation, and maintenance of enterprise Public Key Infrastructure (PKI) systems and cryptographic services. This role supports secure authentication, encryption, digital signing, certificate lifecycle management, and enterprise trust services across complex environments.
The engineer will lead efforts to modernize and automate certificate management processes, reduce manual administration, and improve the scalability and security of PKI operations. Responsibilities include managing certificate authorities (CAs), automating certificate issuance and renewal workflows, integrating PKI services with enterprise platforms, and supporting compliance with cybersecurity standards and operational requirements.
Key Responsibilities
- Architect, deploy, configure, and maintain enterprise PKI environments and certificate authority infrastructure.
- Automate certificate lifecycle management processes including certificate issuance, renewal, revocation, rotation, and expiration monitoring.
- Develop and maintain automation scripts, APIs, and workflows for PKI and certificate management using tools such as PowerShell, Python, Ansible, Terraform, or similar technologies.
- Implement automated certificate enrollment and management solutions for servers, applications, network devices, containers, and cloud platforms.
- Administer internal and external certificate authorities (Microsoft CA, Entrust, DigiCert, EJBCA, or similar platforms).
- Implement and maintain TLS/SSL certificates across enterprise systems and environments.
- Troubleshoot PKI-related issues involving authentication, encryption, trust relationships, and certificate validation.
- Support identity and access management integrations using certificates, smart cards, and multifactor authentication technologies.
- Ensure PKI systems comply with organizational security policies and applicable standards such as NIST, FIPS, DISA STIGs, FedRAMP, or FISMA requirements.
- Collaborate with cybersecurity, DevSecOps, cloud, network, and systems engineering teams to integrate secure certificate management into enterprise platforms and CI/CD pipelines.
- Participate in incident response activities involving cryptographic systems, certificate compromise, or trust-related issues.
- Maintain technical documentation, architecture diagrams, standard operating procedures, and configuration baselines.
- Other duties, as assigned.
