Senior PKI Engineer

Job Description

Insight Global is seeking a Senior PKI Engineer to join the Global Information Security (GIS) team at a Fortune 50 financial institution. This ideal candidate will design, implement, and operate enterprise-grade Public Key Infrastructure (PKI) services with a strong focus on Microsoft Active Directory Certificate Services (AD CS) and Active Directory (AD) integration. They will need to have hands‑on implementation and integration knowledge of certificate lifecycle management, CA hierarchy governance, enrollment automation, HSM‑backed key protection, CA backup/restore, migration, and integration with Windows Server, Linux, network/security devices, cloud providers, MDM/EDR, and zero‑trust tools.

• Design and maintain enterprise PKI architectures including Root, Policy, and Issuing CAs.
• Integrate PKI with Active Directory, Entra , Intune/MDM, GPOs, and Azure AD.
• Develop certificate lifecycle policies including revocation and renewal.
• Implement HSM‑backed key storage and disaster recovery designs.

• Own certificate lifecycle management including automation.
• Manage CRL and OCSP publication and availability.
• Implement scripting and automation using Power Shell and APIs.
• Operate and maintain secure PKI infrastructure.

• Apply strong key management practices and CA hardening baselines.
• Perform PKI risk assessments and access reviews.
• Lead incident response for PKI‑related outages.
• Maintain compliance with NIST, CA/B Forum, and internal frameworks.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances.

If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to  To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:

• 8+ years in Security Engineering or Identity Infrastructure.
• 5+ years hands‑on with Microsoft AD CS and enterprise PKI.
• Deep knowledge of X.509, CRLs, OCSP, EKUs, RSA/ECC, SHA-2.
• Strong Power Shell, Python, or C# scripting and Windows Server administration skills.
• Experience with Linux PKI, TLS/SSL, VPN authentication.
• Azure PKI integrations and HSM experience (Thales, Entrust, nCipher).