Architect and maintain multi-tier Certificate Authority hierarchies (Root, Subordinate, and Issuing CAs) using Microsoft ADCS, Entrust, or DigiCert.
"Enable" applications (Web, Mobile, IoT) to use certificates for S/MIME email encryption, TLS/SSL, and 802.1X network authentication.
Implement and manage Certificate Lifecycle Management (CLM) tools like Venafi, Keyfactor, or AppViewX to automate renewals and prevent outages
Manage the physical and logical lifecycle of Hardware Security Modules (HSMs) such as Thales/nCipher or Utimaco.
Draft and enforce the Certificate Policy (CP) and Certification Practice Statement (CPS) to ensure legal and regulatory compliance (e.g., FIPS 140-2/3).
Lead the transition to Post-Quantum Cryptography (PQC) algorithms to protect against "harvest now, decrypt later" threats.
Act as the SME for certificate-related outages, compromised keys, or emergency revocation (CRL/OCSP) procedures.

Requirements

Minimum of six years of progressive experience in PKI/PKE administration
Bachelor’s degree in computer science, or a related field.
Deep understanding of asymmetric/symmetric encryption, hashing algorithms (SHA-256/384), and protocols (OCSP, SCEP, EST, CMP).
Proficiency in PowerShell, Python, or OpenSSL for automating certificate requests and inventorying.
Familiarity with X.509, NIST SP 800-53/175, and RFC 5280.
Ability to obtain Secret level government security clearance / Active clearance preferred
Ability to obtain CompTIA Security+ / Active certification preferred.

Benefits

paid time off
medical/dental/vision insurance
401(k)

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

PKI administrationPKE administrationasymmetric encryptionsymmetric encryptionhashing algorithmsPowerShellPythonOpenSSLCertificate Lifecycle ManagementPost-Quantum Cryptography

Certifications

Bachelor’s degree in computer scienceCompTIA Security+Secret level government security clearance