Job Title: PKI Architect
Location: Sunnyvale, CA (Hybrid – 2 days onsite)
Job Type: Contract
Experience: 12+ years in cybersecurity, with at least 3 years focused on PKI architecture
Job Overview
Key Responsibilities
- Design and architect scalable PKI solutions to support enterprise security requirements
- Define and enforce certificate policies, key usage standards, and lifecycle management processes
- Manage root and subordinate Certificate Authorities (CAs), including hardware security modules (HSMs)
- Ensure compliance with industry standards and regulatory requirements (e.g., NIST, ISO, GDPR)
- Collaborate with cybersecurity, infrastructure, and application teams to integrate PKI into broader security architecture
- Conduct risk assessments and recommend improvements to PKI-related processes and technologies
- Provide technical leadership and mentoring to engineering teams on PKI best practices
Required Skills
- Strong understanding of cryptographic protocols: TLS/SSL, S/MIME, IPsec
- Certificate formats (X.509) and key management
- Experience with PKI platforms: Microsoft AD CS, Venafi, DigiCert, Entrust, Keyfactor
- Familiarity with HSMs, smart cards, and secure key storage solutions
- Knowledge of Identity and Access Management (IAM) and PKI integration
- Bachelor's or Master's degree in Computer Science, Information Security, or related field
Preferred Skills
- CISSP, CISM, or vendor-specific PKI certifications
- Cloud-based PKI experience: AWS Certificate Manager, Azure Key Vault
- DevSecOps practices and automation of certificate management
Location & Work Model
Sunnyvale, CA — Hybrid (2 days onsite per week)
Engagement Details
Contract engagement. Apply now to learn more about this opportunity.