Job Description

The PKI Engineer, Mid designs, implements, and maintains enterprise public key infrastructure services that underpin secure authentication, encryption, and digital signatures for mission‑critical systems. The role owns certificate lifecycle management processes, ensuring robust issuance, renewal, revocation, and automation patterns for user, device, application, and service identities.

Working in a federal IT environment, this position integrates PKI capabilities with identity platforms, network security controls, applications, and cloud services, resolving complex certificate and trust issues across heterogeneous environments. The engineer develops and enforces PKI policies, technical standards, and operational procedures, collaborating with security stakeholders to ensure resilience, compliance, and audit‑ready operation of the PKI.

Key Responsibilities

• Architect, deploy, and operate PKI infrastructures, including certificate authorities, registration authorities, and OCSP/CRL services across on‑premises and cloud environments.

• Design and manage scalable certificate lifecycle processes (enrollment, distribution, renewal, revocation, and automation) for large fleets of endpoints, applications, and services.

• Integrate PKI with enterprise systems such as identity platforms, VPN and Wi‑Fi authentication, TLS termination, secure email, and code signing, resolving complex interoperability and trust issues.

• Implement and administer PKI platforms and tooling (for example, AD CS, commercial or cloud PKI, HSM‑backed key stores, or machine identity management solutions) with appropriate backup, monitoring, and high availability.

• Define and maintain certificate policies, certification practice statements, and PKI runbooks that align with organizational and regulatory security requirements.

• Lead troubleshooting of PKI and certificate‑related incidents, including chain and trust failures, protocol misconfigurations, and key management issues, and drive durable remediation.

• Provide expert guidance to security, infrastructure, and application teams on cryptographic standards, key management, and secure PKI usage patterns.

Required Qualifications

• Bachelor’s degree in IT, Computer Science, Cybersecurity, or a related field, or equivalent relevant experience.

• 4–7 years of experience in security engineering or infrastructure roles with primary responsibility for architecting and operating PKI and certificate management solutions.

• Deep understanding of PKI architectures, including CA hierarchies, trust models, OCSP/CRL mechanisms, and certificate lifecycle controls.

• Strong familiarity with cryptographic standards and protocols such as TLS, S/MIME, and code signing, and their secure configuration in enterprise environments.

• Hands‑on experience with enterprise PKI platforms and associated tooling, including integration with identity and network security services.

• Strong analytical, problem‑solving, and communication skills, with the ability to document designs, policies, and operational procedures clearly.

• Ability to obtain and maintain a SECRET security clearance, with U.S. citizenship required.

Preferred Qualifications

• Experience designing and operating enterprise‑grade PKI in regulated or government environments, including integration with hardware security modules and security monitoring tools.

• Advanced security or PKI‑focused certifications (for example, CISSP or PKI‑specific credentials) that validate expertise in cryptography and certificate management.

• Experience contributing to broader security architectures, policies, and best practices that rely on PKI.

Qualifications

Compensation Ranges

Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.