https://cdn.builtin.com/cdn-cgi/image/f=auto,fit=scale-down,w=200,h=200/sites/www.builtin.com/files/2021-10/1570464082176.jpeg Logo

ECS

Senior PKI Engineer

Posted 10 Days Ago
Be an Early Applicant
Fairfax, VA, USA
In-Office
Senior level
Artificial Intelligence • Cloud • Information Technology • Security • Software
The Role
Lead architect and operator for enterprise PKI: design, deploy, automate, and maintain CA infrastructure and certificate lifecycle management. Integrate PKI with systems, cloud, and CI/CD; enforce compliance (NIST/FIPS/ DISA/FedRAMP/FISMA); support incident response and cross-team integrations.
Summary Generated by Built In
Job Summary & Responsibilities

Everforth ECS is seeking a Senior Public Key Infrastructure (PKI) Engineer to work in our Fairfax, VA office in a hybrid onsite/remote capacity.

 

The Senior PKI Engineer will be responsible for the architecting, implementation, administration, automation, and maintenance of enterprise Public Key Infrastructure (PKI) systems and cryptographic services. This role supports secure authentication, encryption, digital signing, certificate lifecycle management, and enterprise trust services across complex environments.

 

The engineer will lead efforts to modernize and automate certificate management processes, reduce manual administration, and improve the scalability and security of PKI operations. Responsibilities include managing certificate authorities (CAs), automating certificate issuance and renewal workflows, integrating PKI services with enterprise platforms, and supporting compliance with cybersecurity standards and operational requirements.

 

Key Responsibilities

  • Architect, deploy, configure, and maintain enterprise PKI environments and certificate authority infrastructure.
  • Automate certificate lifecycle management processes including certificate issuance, renewal, revocation, rotation, and expiration monitoring.
  • Develop and maintain automation scripts, APIs, and workflows for PKI and certificate management using tools such as PowerShell, Python, Ansible, Terraform, or similar technologies.
  • Implement automated certificate enrollment and management solutions for servers, applications, network devices, containers, and cloud platforms.
  • Administer internal and external certificate authorities (Microsoft CA, Entrust, DigiCert, EJBCA, or similar platforms).
  • Implement and maintain TLS/SSL certificates across enterprise systems and environments.
  • Troubleshoot PKI-related issues involving authentication, encryption, trust relationships, and certificate validation.
  • Support identity and access management integrations using certificates, smart cards, and multifactor authentication technologies.
  • Ensure PKI systems comply with organizational security policies and applicable standards such as NIST, FIPS, DISA STIGs, FedRAMP, or FISMA requirements.
  • Collaborate with cybersecurity, DevSecOps, cloud, network, and systems engineering teams to integrate secure certificate management into enterprise platforms and CI/CD pipelines.
  • Participate in incident response activities involving cryptographic systems, certificate compromise, or trust-related issues.
  • Maintain technical documentation, architecture diagrams, standard operating procedures, and configuration baselines.
  • Other duties, as assigned.
Preferred Qualifications
  • U.S. Citizen. No Dual Citizens.
  • Candidate requires a Secret Clearance to Interview. Final clearance required is TS.
  • Minimum 12 years of experience with no degree. 
  • Active DoD 8140 IAT Level II Security+ (or higher) or ability to obtain within 90 days of hire.
  • Ability to work in a hybrid capacity, with up to 3 business days per week onsite in Fairfax, VA.  
  • Experience with:
    • Administering enterprise PKI and certificate management environments.
    • Automating certificate management and infrastructure processes.
    • Microsoft Active Directory Certificate Services (AD CS) or comparable PKI platforms.
    • Developing automation using PowerShell, Python, Bash, REST APIs, or infrastructure-as-code tools.
    • Windows Server and/or Linux administration.
  • Strong knowledge of:
    • TLS/SSL protocols.
    • Certificate authorities and registration authorities.
    • PKI architecture and trust models.
    • Cryptographic algorithms and key management.
    • Smart card and MFA technologies.
  • Understanding of enterprise security architecture and cybersecurity best practices.
  • Ability to troubleshoot authentication and certificate-related issues across enterprise systems.
  • Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
  • Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Skills Required

  • U.S. Citizen (no dual citizens)
  • Secret clearance to interview; Top Secret final clearance required
  • Minimum 12 years of experience (no degree required)
  • Active DoD 8140 IAT Level II Security+ (or ability to obtain within 90 days)
  • Ability to work hybrid with up to 3 days per week onsite in Fairfax, VA
  • Experience administering enterprise PKI and certificate management environments
  • Experience automating certificate lifecycle and PKI infrastructure processes
  • Experience with Microsoft Active Directory Certificate Services (AD CS) or comparable PKI platforms
  • Automation development using PowerShell, Python, Bash, REST APIs, or infrastructure-as-code tools
  • Windows Server and/or Linux administration experience
  • Strong knowledge of TLS/SSL, certificate authorities, PKI architecture, cryptographic algorithms, and key management
  • Experience with smart card and multifactor authentication technologies and identity integrations
  • Familiarity with compliance standards and controls (NIST, FIPS, DISA STIGs, FedRAMP, FISMA)
  • Ability to troubleshoot PKI authentication, trust relationships, and certificate validation issues
  • Ability to participate in incident response for cryptographic systems and maintain technical documentation

ECS Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about ECS and has not been reviewed or approved by ECS.

  • Healthcare Strength ECS advertises multiple national-network medical plan options with HSA eligibility alongside dental and vision coverage. Coverage generally begins quickly and is paired with company-paid short- and long-term disability, adding stability to the health package.
  • Retirement Support A 401(k) with Safe Harbor and immediate vesting on employer contributions is emphasized, with an employer match available. Access to an employee stock purchase plan via the parent company provides an additional savings avenue.
  • Parental & Family Support Paid parental leave up to 30 days, adoption assistance, and other family-oriented leaves are highlighted. Feedback suggests these offerings add meaningful value beyond base pay for many roles.
Learn more about ECS's Compensation & Benefits →

ECS Insights

What's It Like to Work at ECS? ECS Culture & Values ECS Career Growth & Development What's the Work-Life Balance Like at ECS? ECS Leadership & Management ECS Company Growth, Stability & Outlook
View all jobs at ECS
View ECS Profile
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Fairfax, VA
2,129 Employees
Year Founded: 1993

What We Do

ECS, a segment of ASGN (NYSE: ASGN), delivers advanced solutions and services in cloud, cybersecurity, artificial intelligence (AI), machine learning (ML), application and IT modernization, and science and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence and commercial industries. ECS maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies. Headquartered in Fairfax, Virginia, ECS has more than 3,400 employees throughout the U.S. and has been recognized as a Top Workplace by The Washington Post for the last five years.

Similar Jobs

SailPoint Logo SailPoint

Sr. Manager, Professional Services

Artificial Intelligence • Cloud • Sales • Security • Software • Cybersecurity • Data Privacy
Remote or Hybrid
United States
2461 Employees
114K-192K Annually

HCSS Logo HCSS

Senior Manager, Go-to-Market Finance

Software
Remote or Hybrid
USA
589 Employees

Capital One Logo Capital One

Technical Product Manager

Fintech • Machine Learning • Payments • Software • Financial Services
Hybrid
4 Locations
55000 Employees
101K-138K Annually

Capital One Logo Capital One

Senior Manager, Tech Recruiting Director+

Fintech • Machine Learning • Payments • Software • Financial Services
Hybrid
2 Locations
55000 Employees
162K-203K Annually

Similar Companies Hiring

Golden Pet Brands Thumbnail
Golden Pet Brands Logo

Golden Pet Brands

Digital Media • eCommerce • Information Technology • Marketing Tech • Pet • Retail • Social Media
El Segundo, California
178 Employees
Kepler Thumbnail
Kepler Logo

Kepler

Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Onshore Logo

Onshore

Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees
View all jobs at ECS
View ECS Profile

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account