Public Key Infrastructure – PKI Architect

Capital Technology Group, LLC

PKI Architect designing and implementing enterprise Public Key Infrastructure and identity trust services. Collaborating with federal agencies to modernize secure software delivery.

Posted 6/18/2026full-timeRemote • 🇺🇸 United StatesMid-LevelSenior💰 $110,000 - $150,000 per yearWebsite

Tech Stack

Tools & technologies

AnsibleAWSAzureCloudCyber Security

About the role

Key responsibilities & impact

Design, implement, and evolve PKI architectures that enable secure authentication and Zero Trust initiatives
Build and support cloud-native solutions across AWS and Azure environments.
Automate infrastructure, deployments, and operational processes using Ansible and CI/CD pipelines.
Partner with security and engineering teams to implement DevSecOps practices and secure software delivery.
Support compliance initiatives aligned with FIPS, NIST 800-53, FISMA, and Zero Trust Architecture principles.
Monitor, troubleshoot, and optimize application and platform performance using security and observability tools.

Requirements

What you’ll need

Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, Mathematics, or a related technical field (or equivalent experience)
4+ years of professional experience in PKI architecting, cybersecurity engineering, identity and access management (IAM), infrastructure/security architecture, or enterprise platform engineering (not limited to application development)
Experience designing and supporting PKI solutions in FICAM and Federal PKI (FPKI) environments.
Experience with X.509 certificate lifecycle management, automation, and policy development.
Knowledge of X.509 certificate policies and CA/Browser Forum standards.
Experience implementing certificate automation using ACME.
Experience with Hardware Security Modules (HSMs) and cryptographic key management.
Familiarity with Post-Quantum Cryptography (PQC) concepts and migration strategies.
Experience with PKI platforms including DigiCert, Entrust, Microsoft AD CS, and Let's Encrypt.
Experience supporting CAC/PIV smart cards, server, code-signing, and S/MIME certificates, including certificate trust chains and validation.
Experience with cloud platforms such as AWS and/or Azure.
Familiarity with DevSecOps practices, CI/CD pipelines, and source control platforms such as GitHub Enterprise.
Understanding of security frameworks and standards including NIST, FISMA, FIPS, and Zero Trust principles.

Benefits

Comp & perks

Remote Work (Hybrid roles will be specified in the job post)
Competitive Compensation Package
Medical, Dental, and Vision
Life Insurance, Short/Long Term Disability
Employee Assistance Program
401(k) with 4% matching
Liberal PTO vacation policy
Generous Annual Continuing Education
Annual Wellness Budget
Bonus Incentive Programs (Employee referrals and performance-based rewards)

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

PKI architecturecloud-native solutionsAnsibleCI/CD pipelinesDevSecOps practicesX.509 certificate lifecycle managementcertificate automationHardware Security Modules (HSMs)cryptographic key managementPost-Quantum Cryptography (PQC)