Senior Tenable Engineer
CACI International Inc
AnsibleAzureCloudKubernetesLinuxPythonVMware
Engineer, PKI
NBCUniversal
full-time
Posted on:
Location Type: Remote
Location: Remote • Florida • 🇺🇸 United States
Visit company websiteSalary
💰 $105,000 - $135,000 per year
Job Level
Mid-LevelSenior
Tech Stack
AWSCloudVault
About the role
- The Public Key Infrastructure (PKI) Engineer will be a key member of the new Versant Cyber organization and is responsible for designing, implementing, and maintaining the cryptographic infrastructure used to secure communications, authenticate identities, and protect data across digital systems.
- Manage enterprise Certificate Authorities (CAs), including Root and Intermediate CAs (internal and third-party).
- Maintain Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) services.
- Oversee the issuance, renewal, and revocation of user, device, service, and application certificates.
- Implement certificate lifecycle automation to reduce manual errors and expiry risk.
- Promote, foster, and advocate for an environment of collaboration, diversity, and inclusion.
- Ensure systems adhere to industry best practices for encryption, signing, and key usage (e.g., RSA, ECC, SHA-2, TLS 1.2/1.3).
- Stay current with NIST guidelines, WebTrust requirements, and corporate cryptographic policies.
- Manage private key protection using Hardware Security Modules (HSMs), Trusted Platform Modules (TPMs), or cloud KMS.
- Ensure secure storage, usage, and backup of cryptographic materials.
- Investigate and remediate certificate-related outages or compromise scenarios (e.g., mass expiration, misissuance, stolen keys).
- Collaborate and drive productivity and effective integration with adjacent Versant Cyber functions and specifically the synergies required across the security stack and technology platforms.
Requirements
- Minimum 5 years experience in identity and access management (IAM), security engineering, or infrastructure roles, with a strong focus on PKI, cryptography frameworks, or certificate management.
- Experience with cryptographic algorithms like RSA, ECC, SHA-2, AES, and hybrid post-quantum readiness is a plus.
- Experience managing PKI platforms such as Microsoft ADCS, Venafi, Keyfactor, DigiCert, AWS Certificate Manager, or HashiCorp Vault.
- Deep understanding of TLS/SSL, S/MIME, PGP, Code signing, and HTTPS
- Experience supporting compliance for TLS/HTTPS, code signing, and encryption policies.
- Strong documentation skills for crypto policies, key ceremonies, and procedures.
- Ability to partner with teams across security, IT, DevOps, and application delivery.
- Experience providing direct support and input to business executives and taking a lead role in driving the strategic direction of the organization’s mission.
- Bachelor’s Degree in an IT related field and/or equivalent work experience.
Benefits
- medical, dental and vision insurance
- 401(k)
- paid leave
- tuition reimbursement
- variety of other discounts and perks
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
Public Key Infrastructure (PKI)cryptographycertificate managementcryptographic algorithmsTLS/SSLS/MIMEPGPcode signingencryption policiescertificate lifecycle automation
Soft skills
collaborationdiversityinclusiondocumentationpartneringleadershipstrategic direction
