Public Key Infrastructure (PKI) Architect

Reposted 13 Hours Ago
Be an Early Applicant
Hiring Remotely in US
Remote
110K-150K Annually
Mid level
Information Technology
The Role
Design, implement, and modernize enterprise PKI and identity trust services for federal systems. Build cloud-native solutions (AWS/Azure), automate certificate lifecycle and deployments, support DevSecOps, ensure compliance with FIPS/NIST/FISMA and Zero Trust, and monitor and optimize platform security and performance.
Summary Generated by Built In

Capital Technology Group provides expert consulting services software development, digital transformation, human-centered design, data analytics and visualization, and cybersecurity. 

Our multidisciplinary teams use agile methodologies to rapidly and incrementally deliver value in close collaboration with our clients. For over a decade, we have been trusted by both federal and commercial clients to solve complex, mission-critical business challenges. The quality of our work has been recognized by our partners and peers through our inclusion in the Digital Services Coalition, a group of forward- thinking firms recognized for excellence in delivering IT services.

Client Requirements: applicants MUST BE US Citizens and be able to obtain Public Trust clearance

The CTG Experience

At Capital Technology Group (CTG), our teams are passionate about modernizing how the federal government delivers software. We partner with federal agencies to build secure, scalable, and mission-driven solutions that make a meaningful impact on millions of people. Recognized by The Washington Post as a Top Workplace in 2025 and 2026. CTG fosters a culture rooted in our core values. Our values guide how we work together and support one another, creating an environment where employees feel trusted, empowered, and encouraged to grow both personally and professionally.

About the Role

CTG is seeking a PKI Architect to design, implement, and modernize enterprise Public Key Infrastructure (PKI) and identity trust services supporting mission-critical federal systems. This role is ideal for a senior technical architect with deep expertise in cryptographic systems, identity security, and scalable infrastructure design across complex, highly secure environments.

You Will Get To
  • Design, implement, and evolve PKI architectures that enable secure authentication and Zero Trust initiatives
  • Build and support cloud-native solutions across AWS and Azure environments.
  • Automate infrastructure, deployments, and operational processes using Ansible and CI/CD pipelines.
  • Partner with security and engineering teams to implement DevSecOps practices and secure software delivery.
  • Support compliance initiatives aligned with FIPS, NIST 800-53, FISMA, and Zero Trust Architecture principles.
  • Monitor, troubleshoot, and optimize application and platform performance using security and observability tools.
Who You Are
  • A collaborative engineer who enjoys solving complex technical and security challenges.
  • Passionate about building scalable, secure, and reliable cloud-based solutions.
  • Comfortable working across application development, cloud infrastructure, identity, and security domains.
  • Skilled at balancing technical innovation with operational excellence and compliance requirements.
  • An effective communicator who can work with cross-functional teams and stakeholders.
Qualifications
  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, Mathematics, or a related technical field (or equivalent experience)
  • 4+ years of professional experience in PKI architecting, cybersecurity engineering, identity and access management (IAM), infrastructure/security architecture, or enterprise platform engineering (not limited to application development)
  • Experience designing and supporting PKI solutions in FICAM and Federal PKI (FPKI) environments.
  • Experience with X.509 certificate lifecycle management, automation, and policy development.
  • Knowledge of X.509 certificate policies and CA/Browser Forum standards.
  • Experience implementing certificate automation using ACME.
  • Experience with Hardware Security Modules (HSMs) and cryptographic key management.
  • Familiarity with Post-Quantum Cryptography (PQC) concepts and migration strategies.
  • Experience with PKI platforms including DigiCert, Entrust, Microsoft AD CS, and Let's Encrypt.
  • Experience supporting CAC/PIV smart cards, server, code-signing, and S/MIME certificates, including certificate trust chains and validation.
  • Experience with cloud platforms such as AWS and/or Azure.
  • Familiarity with DevSecOps practices, CI/CD pipelines, and source control platforms such as GitHub Enterprise.
  • Understanding of security frameworks and standards including NIST, FISMA, FIPS, and Zero Trust principles.
Nice to Have
  • Experience using Docker and Kubernetes.
  • Experience with Shibboleth, CyberArk, or HashiCorp Vault.
  • Experience with Splunk, Tenable, Checkmarx, SonarQube, or related security tooling.
  • Experience with STIG hardening, vulnerability management, or compliance programs.
  • Familiarity with PIV authentication and identity governance solutions.
  • Experience supporting highly regulated environments, including federal or public sector organizations.
  • Relevant cloud, security, or architecture certifications.
Client Requirements
  • Applicants must be U.S. Citizens
  • Ability to obtain a Public Trust clearance
Salary

We are committed to offering a competitive salary for this position, with an estimated range of $110,000 to $150,000 annually. Please note that this range is intended to provide a general idea of what to expect. The final offer may vary based on experience, skills, and other factors.

Full Time Employee Benefits
  • Remote Work (Hybrid roles will be specified in the job post)
  • Competitive Compensation Package
  • Medical, Dental, and Vision
  • Life Insurance, Short/Long Term Disability
  • Employee Assistance Program
  • 401(k) with 4% matching
  • Liberal PTO vacation policy
  • Generous Annual Continuing Education
  • Annual Wellness Budget
  • Bonus Incentive Programs (Employee referrals and performance-based rewards)

Thanks for your interest in Capital Technology Group!

Capital Technology Group is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.


Skills Required

  • U.S. citizenship
  • Ability to obtain Public Trust clearance
  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, Mathematics, or related field (or equivalent experience)
  • 4+ years professional experience in PKI architecture, cybersecurity engineering, IAM, infrastructure/security architecture, or enterprise platform engineering
  • Experience designing and supporting PKI solutions in FICAM and Federal PKI (FPKI) environments
  • Experience with X.509 certificate lifecycle management, automation, and policy development
  • Knowledge of X.509 certificate policies and CA/Browser Forum standards
  • Experience implementing certificate automation using ACME
  • Experience with Hardware Security Modules (HSMs) and cryptographic key management
  • Familiarity with Post-Quantum Cryptography concepts and migration strategies
  • Experience with PKI platforms such as DigiCert, Entrust, Microsoft AD CS, and Let's Encrypt
  • Experience supporting CAC/PIV smart cards, server/code-signing, and S/MIME certificates including trust chains and validation
  • Experience with cloud platforms (AWS and/or Azure)
  • Familiarity with DevSecOps practices, CI/CD pipelines, and source control platforms (e.g., GitHub Enterprise)
  • Understanding of security frameworks and standards including NIST, FISMA, FIPS, and Zero Trust principles
  • Experience using Docker and Kubernetes
  • Experience with Shibboleth, CyberArk, or HashiCorp Vault
  • Experience with Splunk, Tenable, Checkmarx, SonarQube, or related security tooling
  • Experience with STIG hardening, vulnerability management, or compliance programs
  • Familiarity with PIV authentication and identity governance solutions
  • Relevant cloud, security, or architecture certifications
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Silver Spring, MD
54 Employees
Year Founded: 2010

What We Do

Capital Technology Group provides technical leadership and expert consulting services for a wide range of business needs and information technologies including: enterprise architecture and application integration, custom application development, big data, and search. Our consultants have broad knowledge and deep, hands-on technical experience managing the full software development lifecycle from understanding business drivers and release planning, through system architecture and design, to delivery of quality and maintainable software. Capital Technology Group has supported government and commercial clients in the Washington, DC area since 2010.

Similar Jobs

Circle Logo Circle

Senior Talent Acquisition Partner (Temporary)

Blockchain • Fintech • Payments • Financial Services • Cryptocurrency • Web3
In-Office or Remote
26 Locations
1050 Employees
113K-148K Annually

Square Logo Square

Business Development Manager

eCommerce • Fintech • Hardware • Payments • Software • Financial Services
Remote or Hybrid
8 Locations
12000 Employees
164K-297K Annually

Square Logo Square

GTM Strategy & Operations - Global Sales

eCommerce • Fintech • Hardware • Payments • Software • Financial Services
Remote or Hybrid
8 Locations
12000 Employees
103K-194K Annually

ServiceNow Logo ServiceNow

Senior Engineering Manager

Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Remote or Hybrid
Santa Clara, CA, USA
29000 Employees
201K-352K Annually

Similar Companies Hiring

Scrunch  Thumbnail
Artificial Intelligence • Information Technology • Marketing Tech • Software • SEO
Salt Lake City, Utah
Standard Template Labs Thumbnail
Artificial Intelligence • Information Technology • Software
New York, NY
25 Employees
Golden Pet Brands Thumbnail
Digital Media • eCommerce • Information Technology • Marketing Tech • Pet • Retail • Social Media
El Segundo, California
178 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account