PKI Engineer Job Description
PKI Engineer Duties & Responsibilities
To write an effective PKI engineer job description, begin by listing detailed duties, responsibilities and expectations. We have included PKI engineer job description templates that you can modify and use.
Sample responsibilities for this position include:
PKI Engineer Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for PKI Engineer
List any licenses or certifications required by the position: PKI, SAN, S/MIME, SSL, CISSP, USPS, KMS, MFA, OCSP, SANS
Education for PKI Engineer
Typically a job would require a certain level of education.
Employers hiring for the PKI engineer job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Technical, Engineering, Information Systems, Education, Information Technology, Technology, Design, Management, Information Security
Skills for PKI Engineer
Desired skills for PKI engineer include:
Desired experience for PKI engineer includes:
PKI Engineer Examples
PKI Engineer Job Description
- Drive the development of PKI solutions to meet security and business requirements
- Develop automation approaches to solve PKI lifecycle challenges
- Analyze legacy PKI solutions for security gaps and develop new approaches/capability to mitigate
- Develop standards and approaches to enable seamless integration across technical stacks
- Partner with architecture teams to understand security and business implications of PKI strategy
- Act as a technical owner on initiatives involving PKI technologies
- Champion PKI capability and integration across core security and IT capability
- Manage Public Key Infrastructure related services including MSCA multi node PKI and numerous certificate related services
- Develop and deploy solutions to ensure that Digital Credential Services are performing according to specifications, meet defined procedures, and comply with applicable information security policies and requirements
- Integrate applications and third-party products into internal services and support and upgrade implemented systems
- End-2-end ownership of PKI infrastructure and API
- Ownership of scalability, capacity, redundancy, and resiliency, maintenance and decommissioning planning for our PKI solution
- Secure, maintain, and monitor the entire PKI solution end-2-end for our IoT ecosystem
- Estimate creation
- Troubleshooting OS and application integration
- Software provisioning & maintain up to date patch management
PKI Engineer Job Description
- Develop and maintain service patterns used for application integration
- Manage technical work activities of contingent worker resources to support enhancements and continuous improvements to services
- Support 24x7 oversight of Business As Usual (BAU) operations
- Manage Incident and Problem Management activities based on Information Technology Infrastructure Library (ITIL) guidelines
- Create appropriate compliance documentation/processes for cards and software certificate requests per DoD requirements on NIPR and SIPR in accordance with customer and contract management
- Maintain the hardware necessary to conduct PKI functions as required and not covered by the customer’s Tier 2 service desk
- Execute administrative responsibility for configuration management of the customer’s NIPR and SIPR Registration Authorities to support certificate issuance, management, and revocation – including documentation, inspections, remediation, reporting, and compliance to Service Levels Agreements (SLAs)
- Provide user support for digital signature and email encipherment utilizing X.509 certificates
- Track and maintain status of customer requirements and provide updates to the IAMB PMO
- Capture and document performance metrics to include performance of trend analysis, and collection and reporting of user support metrics
- Create and maintain procedural documents (SOP's)
- Build Tools for Day to Day operations identify processes where automation is needed (Shell/Python)
- Willingness to work on-call and respond to production failures on a 7x12 basis and beyond normal Working Hours
- Must currently possess a TOP SECRET (Active) security clearance
- Support, improve and maintain PKI implementation on secret networks
- Establish Federal and/or Commercial PKIs
PKI Engineer Job Description
- Implement and support PKI solutions at enterprise levels
- Create/renew / manage certificates for user and system based levels
- Manage in-house certificate authorities (Entrust/Microsoft)
- Provide / update documentation on operational procedures and methodologies
- Operate, maintain and troubleshoot Luna HSM devices (Gemalto / SafeNet)
- Lead and guide Financial & Risk with industry best practices related to all aspects of PKI
- Actively participate in a 24x7 delivery team, which may include on-call and weekend work
- Managing Enterprise Strong Authentication Platforms - Managing Multiple Domains and Forests (Domain Trusts, Schema Management and Site & Services)
- Managing Groups, Users, Service and Computer Accounts
- Group Policy Management (planning, implementing, and troubleshooting)
- Design and maintain PKI Trust Architectures
- Write and maintain certificate Policies and Certification Practices Statements/Registration Practices Statement
- Experience architecting and support PKI to support mobile devices
- Top Secret with SCI
- A Bachelor’s degree and a minimum of 10 years of experience in Public Key Infrastructure (PKI) technology, architecture design, implementation and use is required
- Experience architecting and implementing OCSP and LDAP technology
PKI Engineer Job Description
- Managing Active Directory Federation Service, Single Sign On (SSO)
- Manage identity information across a number of directories utilizing Microsoft Identity Manager 2016 (MIM)
- Domain Names Service (DNS)
- Installation of server operating systems
- System design, integration and installation
- Server network design
- Implementation of requests from other teams and individuals
- Directly work with customer to analyze requirements and then deploy security related solution to meet those requirements
- Lead an effort in gathering requirements, performing gap analysis, developing and presenting potential solutions, and creating detailed design and implementation plans
- Maintain and operate the Machine Readable Travel Document (MRTD) Certification Authority and Signature Delivery Service (SDS) systems
- Experience implementing and support PKI middleware
- Familiarity with DOD PKI auditing practices and procedures
- Must have strong communications skills and experience in client-facing roles
- Experience in developing technical requirements and facilitating work groups of users and other stakeholders
- Experience in technical business writing is required
- Candidate must have knowledge of DISA CSP PKI framework, and CNSSP 28, CNSSP 25, CNSSI 1300
PKI Engineer Job Description
- Automation of tasks related to cybersecurity such as correlations, alerting, analysis and event review processes
- Integration of various tools and datasets to enhance detective and preventive control sets
- Codified security principles for cloud (X-as-a-Service) systems integrated directly into application designs and blueprints/formations
- Unique, custom software solutions to achieve security goals when COTS or OSS solutions are not available or viable
- Software development experience/expertise to compliment product security and application security initiatives
- Systems analysis and software development efforts that align with agile-related approaches
- Upgrading and deploying to all environments
- Analyzing all aspects of the existing infrastructure and provide recommendations to enhance system reliability, availability, serviceability and scalability
- Assisting in defining standards, guidelines, leading practices, metrics and continuous validation of leading practices
- Troubleshooting to solve unique and complex problems related to infrastructure & PKI
- Must have a current active, Secret clearance and be eligible for Top Secret/SCI
- Must have experience in implementing Online Certificate Status Protocol (OCSP)
- Experience with SHA1 and SHA2 implementation
- Hardware Security Module (HSM) Implementation experience
- Significant experience preparing PowerPoint Presentations, engineering diagrams in Visio, and technical documentation (e.g., requirements and design) for complex systems is required
- Must possess and be able to maintain an active DoD Top Secret level clearance (minimum)