Senior PKI & Identity Infrastructure Engineer

Job Summary:

We are seeking a highly skilled Senior PKI & Identity Infrastructure Engineer to design, implement, and maintain our organization's critical identity and security infrastructure across on-premises and cloud environments. This role requires deep expertise in PKI, Active Directory, and cloud technologies.

Key Areas of Responsibility:

PKI Infrastructure:

• Design and maintain enterprise PKI architecture using Windows Certificate Authority
• Manage and optimize Keyfactor deployment for certificate lifecycle management
• Configure and maintain Hardware Security Modules (HSM) for key protection
• Implement automated certificate discovery and renewal processes
• Develop and maintain PKI policies and procedures
• Monitor and ensure compliance with security standards
• Implement disaster recovery procedures for PKI infrastructure

Active Directory & Identity Management :

• Design and implement secure Active Directory architecture
• Perform Active Directory security hardening and implement security best practices
• Lead Active Directory consolidation projects
• Configure and maintain Microsoft Entra ID (formerly Azure AD)
• Design and maintain enterprise SSO solutions
• Configure and manage Enterprise Applications integration
• Implement and maintain AD security monitoring and alerting
• Conduct regular security assessments and remediation
• Design and implement Zero Trust architecture

Cloud Infrastructure:

• Design and maintain hybrid infrastructure across AWS EC2 and Azure
• Develop and maintain Infrastructure as Code using Terraform
• Implement cloud security controls and compliance requirements
• Design and implement disaster recovery solutions
• Manage cloud identity federation
• Optimize cloud resource utilization and costs
• Implement cloud networking and security controls

Required Technical Skills:

PKI Expertise:

• Advanced knowledge of Windows Certificate Authority
• Extensive experience with Keyfactor platform
• Hands-on experience with HSM configuration and management
• Understanding of certificate lifecycle management
• Knowledge of PKI security standards and best practices

Active Directory & Identity:

• Expert-level Active Directory architecture and administration
• Experience with AD security hardening techniques
• Proven experience in AD consolidation projects
• Microsoft Entra ID implementation and management
• Enterprise SSO and application integration
• Identity lifecycle management
• Security information and event management (SIEM)

Cloud & Automation:

• Advanced Terraform scripting and management
• AWS EC2 architecture and administration
• Azure infrastructure management
• Infrastructure as Code best practices
• Cloud security architecture
• Automation and scripting (PowerShell, Python)
• CI/CD pipeline integration

Required Qualifications:

• 8+ years of experience in IT infrastructure
• 5+ years of experience with PKI and Keyfactor
• Strong experience in Active Directory security
• Proven experience with cloud infrastructure
• Relevant certifications (e.g., MCSE, AWS/Azure certifications)
• Experience with enterprise-scale implementations

Additional Skills:

• Strong project management capabilities
• Excellent problem-solving abilities
• Strong documentation skills
• Experience leading technical teams
• Ability to communicate complex technical concepts
• Experience with change management processes
• Scripting and automation (Powershell, Terraform...)

Education:

• Bachelor's degree in Computer Science, Information Security, or related field
• Relevant professional certifications:

o Microsoft certifications (MCSE, Azure Security Engineer)

o AWS certifications

o Security certifications (CISSP, CISM)

Key Projects/Tasks:

1. PKI Infrastructure:

o Design and implement PKI architecture

o Keyfactor platform optimization

o Certificate lifecycle automation

o HSM configuration and management

o Security compliance implementation

2. Active Directory:

o AD security hardening implementation

o Entra ID integration and management

o Enterprise application SSO configuration

o Identity governance implementation

o Security monitoring and alerting setup

3. Cloud Infrastructure:

o Terraform template development

o Cloud security controls implementation

o Hybrid identity solution design

o Infrastructure automation

o Disaster recovery planning

o Cost optimization strategies