Public Key Infrastructure (PKI) Engineer

Location: Hybrid - Onsite in Dallas, TX

Job Type: Full-Time

Salary: $85,000 - $145,000

*This represents the potential salary range for this position depending on education level, years of experience and/or certifications in addition to other position specific requirements which may impact salary

We are seeking an experienced Public Key Infrastructure (PKI) Engineer responsible for the design, implementation, and management of secure certificate and encryption services across enterprise environments. This role will focus on automating and managing Public Key Infrastructure processes, ensuring platform-level authentication across Windows and Unix systems, and integrating PKI controls with infrastructure and security operations.

The ideal candidate has a strong understanding of cryptographic principles, automation, and compliance-focused design.

• Design, implement, and manage PKI and certificate lifecycle management processes and controls.
• Automate and manage certificate issuance, renewal, and revocation using industry tools.
• Evaluate and maintain cryptographic standards and practices for enterprise systems.
• Ensure compliance and auditability of PKI solutions through effective documentation and tooling.

• Integrate certificate authority management with enterprise authentication platforms, including Active Directory and Unix-based systems.
• Assess and implement encryption technologies, including TLS, PGP, and HSM, for data protection.
• Support secure infrastructure design by implementing and reviewing cryptographic and authentication mechanisms.
• Collaborate with security and infrastructure teams to ensure full integration and automation of PKI solutions.

• Contribute to Agile team environments, including Scrum and Kanban, with a focus on continuous integration and delivery.
• Prioritize and manage multiple ongoing initiatives, balancing delivery timelines and technical quality.

• 10+ years of experience in IT infrastructure or related fields with demonstrated design and engineering capabilities.
• 3+ years working in a PKI environment, including experience with CA and certificate lifecycle management.
• Hands-on experience with encryption and cryptographic technologies such as TLS, PGP, PKI, and HSM.
• Experience with Linux platforms.
• Familiarity with Windows Server is a plus.
• Familiarity with Agile methodologies and DevSecOps principles.

• Solid understanding of key management, tokenization, and data masking.
• Knowledge of system vulnerabilities, penetration testing methods, and remediation techniques.
• Proficiency with scripting languages such as Python, PowerShell, Bash, or KornShell.
• Ability to collaborate across technical teams and effectively communicate with stakeholders at all levels.
• Strong organizational and prioritization skills, with the ability to manage multiple projects with competing demands.

• Experience with certificate management tools such as Venafi, Keyfactor, or similar platforms.
• Working knowledge of Entrust or other public certificate providers.
• Experience with configuration and infrastructure automation tools such as Ansible, Puppet, or Terraform.
• Familiarity with Identity and Access Management tools such as IBM TIM/TAM.
• Exposure to IoT device security and management.
• Hands-on experience with Red Hat technologies, including Identity Management, RHV, Satellite, RHDS, and Ceph.
• Experience with AWS cloud services, including EC2, S3, Lambda, RDS, ALB/NLB.
• Proven ability to design, optimize, and troubleshoot public cloud infrastructure and complex application stacks.
• Background in architectural or design roles such as Solutions Architect, Technical Architect, or Technical Design Authority.