PKI Engineer (Contract - Remote)

PKI Engineer (Contract – Remote)

Engagement Type: Contract (5–6 months, with potential for extension)

Work Model: 100% Remote

Role Overview

We are seeking an experienced, hands-on Public Key Infrastructure (PKI) Engineer for a client-facing technical engagement. This role is focused on engineering, implementation, and operations, not architecture. The ideal candidate will have deep, practical experience implementing and managing enterprise PKI solutions, with mandatory expertise in Venafi and DigiCert One.

You will be responsible for delivering end-to-end PKI implementations, integrating certificate and machine identity management solutions into complex enterprise environments, and ensuring secure, scalable, and compliant cryptographic operations.

Key Responsibilities

• PKI Engineering & Implementation
• Deploy, configure, and manage highly available PKI solutions with a primary focus on Venafi Trust Protection Platform and DigiCert One
• Perform hands-on implementation across client environments to meet project and security requirements
• Application & Enterprise Integrations
• Integrate PKI and certificate lifecycle solutions with enterprise applications, cloud platforms, and DevOps/CI/CD pipelines
• Support integrations across on-prem, hybrid, and cloud environments
• Machine Identity & Certificate Lifecycle Management
• Implement and manage machine identity strategies including certificate discovery, issuance, renewal, rotation, and revocation
• Ensure operational efficiency and automation of key lifecycle processes
• HSM & Code Signing
• Configure and manage Hardware Security Modules (HSMs) for secure key storage
• Implement and maintain secure code-signing workflows to protect software integrity
• Troubleshooting & Technical Support
• Serve as the PKI subject matter expert for troubleshooting certificate, integration, and automation issues
• Act as an escalation point for complex PKI-related incidents during the engagement
• Security & Compliance
• Ensure PKI implementations align with enterprise security standards and regulatory requirements (e.g., NIST, ISO 27001)
• Client Collaboration
• Work closely with application owners, security teams, project managers, and other stakeholders
• Translate technical requirements into effective PKI engineering solutions
• Documentation
• Produce and maintain detailed documentation covering configurations, integrations, operational procedures, and deliverables

Required Qualifications

• PKI Engineering Experience
• 3–5+ years of hands-on experience with enterprise PKI solutions
• Mandatory, in-depth experience with Venafi and DigiCert One
• Cryptography & Security Fundamentals
• Strong understanding of PKI concepts, cryptographic principles, and machine identity management
• Protocols & Directory Services
• Expertise in TLS/SSL, S/MIME, SCEP, EST
• Experience with Active Directory and LDAP environments
• Technical Skills
• Proven experience integrating PKI with enterprise applications, AWS and/or Azure, and CI/CD pipelines
• Hands-on experience with HSMs
• Proficiency in PowerShell or other scripting languages for automation
• Problem Solving
• Strong analytical skills with the ability to troubleshoot complex, real-world PKI issues
• Communication
• Excellent verbal and written communication skills, with the ability to engage both technical and non-technical stakeholders

Preferred Qualifications

• Experience in a professional services or consulting environment with client-facing responsibilities
• Familiarity with additional PKI and security tools such as Microsoft AD CS, HashiCorp Vault, or CyberArk
• Relevant security certifications (e.g., CISSP, CISM, or vendor-specific credentials)
• Working knowledge of ITIL processes for incident, change, and problem management