Sr. PKI Architect

Post Date

Sep 27, 2023



ZIP/Postal Code

Jul 20, 2024 Insight Global

Job Type




Req #


Pay Rate

$112k - $168k (estimate)

Job Description

Insight Global is looking for a Sr. PKI Architect to come in and completely drive a PKI refresh for our client. This candidate will need to not just deploy or manage PKI, but come up with a strategy and roadmap on anything KMS and PKI related and implement that. The clients Cryptographs are located in San Mateo and Camas, so we will need someone in close proximity or open to relocating to make sure they can come onsite 1-2 times a month at first and then move to more of a quarterly basis. This candidate will be needing to come in and prove that they can bring the expertise needed to implement and architect PKI from the ground up.

Official Day to Day:

PKI/KMS/HSM/Certificates Architect, Engineer, & Implementer with minimal of 8+ years of advanced hands-on experience in deploying, configuring, and managing certificated lifecycle management (KMS), Public Key Infrastructure (PKI), Certification Authorities (CA), Hardware Security Modules (HSM), Registration Authorities (RA), Root CA, Azure Key Vault, Thales, Venafi, and Entrust integration experience (PKI/HSM/KMS/CRL/CRT).

* Excellent knowledge in PKI / HSM ecosystem (technology, standards, implementations, & migration)

* Building a mature enterprise-wide certificate management services and Public Key Infrastructure capabilities. Supporting the definition, design, and deployment of enterprise PKI system.

* Ability to provide detailed specifications for PKI/KMS infrastructure.

* Administration, operation, upgrade and support of Certification Authorities (CA), Registration Authorities (RA), online responders, and Hardware Security Modules (HSM) of a Microsoft Windows-based enterprise Public Key Infrastructure (PKI).

* Provide roadmap guidance and recommendations to existing environment and future landscape (including the assessment & discovery work).

* Maintain detailed procedures, policies, standards, baselines, and work instructions for PKI & KMS administration, advise on improvements.

* Takes an active leadership role in maintaining and communicating PKI/KMS industry changes, advising and directing leadership to ensure that PKI requirements are addressed.

* Ensure PKI systems align to the firms Information Security policies, standards, and the industry best practices.

* An understanding of SSH, especially the configuration and use of SSH keys for authentication.

* Experience with technologies that heavily use TLS/SSL encryption.

* Represent PKI Engineering on organizational project teams and ensure adherence to existing security policies and standards.

* Manage the successful technical delivery of Information Security projects and services for our customers by working directly with key business stakeholders, executives and project teams.

* Keep up on current technologies and maintain awareness of industry trends and threats, focusing on PKI/PKE technologies.

Education / Certifications:

* Bachelor's or Master's degree in Information Assurance, Computer Science, Cybersecurity, Information Systems or related field of study.

* Certification Requirements: A security industry certification is required including but not limited to CISSP, SSCP, CISM, SANS GSEC, ECSA, ECSP, and Security+.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected].

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: .

Required Skills & Experience

* Experience in Entrust, HashiCorp, Thales, DigCert, and Venafi.

* Individuals in this role must be well versed and educated in common Information Security practices and the CISSP domains, as well as possess general Information Technology experience.

* They must be able to leverage these experiences and education to identify opportunities for improvement of present information security environment, focusing on PKI, encryption, and certificate-based authentication solutions.

* Expert level experience with PKI implementation and certificate lifecycle management solution.

* Expert level experience with hardware security module (HSM) technology.

* Expert level experience in MS Certificate Management Services and Active Directory Domain Services.

* Expert level experience in SSL certificate management concepts, processes, and solution management.

* Expert level experience in cloud solution development with Azure architectures as it related to PKI management.

* Technical Skills:

o Public key infrastructure

o Strong authentication / multi-factor authentication technologies

o CodeSigning

o Cryptographic services

o Encryption

o Certificate Management

o Data Protection

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.