What are the responsibilities and job description for the Senior PKI Engineer position at Grant Leading Technology, LLC?
PKI Engineer
Remote
Grant Leading Technology is seeking a candidate for PKI Engineer to join our dynamic team. The candidate will provide PKI engineering and implementation support for the Identity, Credential, and Access Management (ICAM) team of our government client. This position will be remote, and the hours are 8 am to 5 pm EST.
Ideally, we are looking for someone with experience supporting Microsoft PKI enterprise environments with greater than 20,000 personnel.
Responsibilities:
· Focuses on public key infrastructure (PKI) information security domain architecture planning, design, and related functions in the areas of PKI encryption solutions, cryptographic services, key management (HSM) and related security technologies within the enterprise.
· Provide guidance to key stakeholders and contribute to the technical direction of all areas of PKI architecture, including policies, standards, strategies, automation and governance.
· Contribute to a technical team ensuring consistency and interoperability between solution components.
· Responsible for assisting with the enhancements and design of the PKI infrastructure on the cloud.
· Implement, engineer and manage PKI infrastructure on Prem, AWS GOVCloud, and AZURE GOVCloud resources utilizing industry best practice.
· Implement and support various tools such as SailPoint, RadiantLogic, and Ping Federate to support client environment.
· Provide engineering support for cryptography, PIV authorization, IGA SailPoint IIQ, and addressing security vulnerabilities within the PKI infrastructure.
· Manage two-tier Microsoft Certificate Authority, certificate trust chains and certificate enrollment
· Implement and manage Validation Authority, Validation Responders in a production environment
· Ensure correct firewall rules and cloud security groups are in place for PKI and SailPoint IIQ.
· Implement and manage Thales HSM appliances in a production environment.
· Provide engineering support for the certificate management services with KeyFactor Command.
· Implement and Engineer SailPoint IIQ on Prem and AWS GOVCloud
· Configure CRED, PRIV, TRUST, and IDENTITY sources for CDM SailPoint IIQ
· Create and edit infrastructure target state diagrams (TSD) detailing the layout of the network and how traffic will flow between the resources both on Prem and cloud.
· Ensure compliance with PKI and SailPoint infrastructures by providing technical knowledge during the privacy impact assessments (PIA), the system security plans (SSP) and the authority to operate (ATO) process
· Consult with other members of the project team to write, edit, and review technical documents in the infrastructure.
· Support proof of concept (POC) builds within the cloud infrastructure for future technologies (including but not limited to SailPoint, Ping, CyberArk and Radiant Logic)
Qualifications and Education Requirements:
· Bachelor of Arts (BA) degree in Cybersecurity, Computer Science, or related discipline
· 10 years of experience in cybersecurity
· 4 years of experience in public key infrastructure (PKI)
· Advanced experience with certificate lifecycle management, enterprise authentication and web security, and commercial Certificate Authorities
· Strong proficiency in cryptography
· Ability to support the end-to-end deployment of secure, PKI-based Web applications.
· Senior level architecture experience with deploying PKI solutions.
· General knowledge of integrating multifactor (MFA) and single sign-on (SSO) with Ping Federate
· General knowledge of NIST controls and FedRAMP compliance
· General knowledge of cloud technologies, communication routes within Azure and AWS
· Good team player
Preferred Skills:
· Federal government experience preferred.
· Experience supporting PKI enterprise environments with greater than 20,000 personnel.
· Working knowledge of Shell scripting / PowerShell