PKI Operator

Key Responsibilities:
Operational Support & Incident Management

• Provide 2nd/3rd line support for PKI services and supporting infrastructure, including root, subordinate, and issuing CA's
• Troubleshoot and resolve certificate issuance, revocation, auto-enrolment, and chain validation issues.
• Manage and respond to incidents, service requests, and change tickets within SLA.

• Manage and respond to infrastructure focused service requests such as:
• Provision/de-provision Azure
  
  AD accounts
• Setup SSO for applications
• Monitor Microsoft Defender portal and respond to security alerts
• Configuration and maintenance of Microsoft Intune Certificate Lifecycle Management
• Assist with certificate requests, renewals, revocations, and rekeying operations.
• Monitor and ensure timely renewal of critical certificates to prevent outages.
• Maintain inventory of issued certificates and their expiration timelines.

• Monitor the health of CA services, CRLs, OCSP responders, and AIA/CDP availability.
• Ensure regular backups of CA keys, databases, configurations, platforms and state.
• Conduct patching and updates of PKI-related servers and services.
• Carry out collection, reporting and remediation tasks in order to maintain a crypto inventory.

• Ensure adherence to security best practices and organisational Certificate Policies (CP) and Certification Practice Statements (CPS).
• Review and manage audit logs for CA operations and maintain documentation for compliance.
• Implement role-based access control, separation of duties, and HSM usage per policy.
• Maintain accurate documentation of PKI processes, configurations, and procedures.
• Implement and enforce revocation policies.

• An understanding of Public Key Infrastructure concepts, including certificate authorities (Root, Subordinate, Issuing), CRLs, OCSP, and key management.
• Windows Server Administration:
  Proficient in administering Windows Server, particularly Active Directory.
• Infrastructure Knowledge:
  Familiarity with DNS, DHCP, TCP/IP, and common network services.
• Ability to execute Power Shell scripts for automating certificate tasks and system checks.
• Awareness of role-based access control, key protection standards (e.g., FIPS 140-2), and separation of duties in secure environments.
• Experience using Microsoft Management Console (MMC) snap-ins, event logs, and SIEM platforms to identify and resolve issues proactively.
• Experience with IT asset management tools related to discovery and information collection.
• Understanding of backup procedures.
• Ability to document technical processes.
• Familiarity with incident, problem, and change management processes (ITIL).
• Cloud infrastructure experience (AWS, Azure, Intune).
• Familiarity with regulatory frameworks: NIST, GDPR, etc.
• Proficiency in technical documentation (MS Word, Visio, PowerPoint, Excel).

• Strong verbal and written communication skills for interacting with clients and documenting processes.
• Analytical mindset and problem-solving capability.
• Detail-oriented and compliance-focused.
• Comfortable working independently and in cross-functional teams.
• Can follow written processes.

• Desirable:
  CompTIA Security+, or a recognised Vendor Certification.
• Security Clearance: DV.

• Up to 5% employer pension contribution.
• 10% annual performance-related bonus.
• Annual charity donation of your choice.