Senior PKI Engineer Security Clearance

Position: Senior PKI Engineer with Security Clearance
Job Description Everforth ECS is seeking a Senior Public Key Infrastructure (PKI) Engineer to work in our Fairfax, VA office in a hybrid onsite/remote capacity. The Senior PKI Engineer will be responsible for the architecting, implementation, administration, automation, and maintenance of enterprise Public Key Infrastructure (PKI) systems and cryptographic services. This role supports secure authentication, encryption, digital signing, certificate lifecycle management, and enterprise trust services across complex environments.

The engineer will lead efforts to modernize and automate certificate management processes, reduce manual administration, and improve the scalability and security of PKI operations. Responsibilities include managing certificate authorities (CAs), automating certificate issuance and renewal workflows, integrating PKI services with enterprise platforms, and supporting compliance with cybersecurity standards and operational requirements.

Key Responsibilities
* Architect, deploy, configure, and maintain enterprise PKI environments and certificate authority infrastructure.
* Automate certificate lifecycle management processes including certificate issuance, renewal, revocation, rotation, and expiration monitoring.
* Develop and maintain automation scripts, APIs, and workflows for PKI and certificate management using tools such as Power Shell, Python, Ansible, Terraform, or similar technologies.
* Implement automated certificate enrollment and management solutions for servers, applications, network devices, containers, and cloud platforms.
* Administer internal and external certificate authorities (Microsoft CA, Entrust, Digi Cert, EJBCA, or similar platforms).
* Implement and maintain TLS/SSL certificates across enterprise systems and environments.
* Troubleshoot PKI-related issues involving authentication, encryption, trust relationships, and certificate validation.
* Support identity and access management integrations using certificates, smart cards, and multifactor authentication technologies.
* Ensure PKI systems comply with organizational security policies and applicable standards such as NIST, FIPS, DISA STIGs, FedRAMP, or FISMA requirements.
* Collaborate with cybersecurity, Dev Sec Ops , cloud, network, and systems engineering teams to integrate secure certificate management into enterprise platforms and CI/CD pipelines.
* Participate in incident response activities involving cryptographic systems, certificate compromise, or trust-related issues.
* Maintain technical documentation, architecture diagrams, standard operating procedures, and configuration baselines.
* Other duties, as assigned. Required Skills
* U . S. Citizen. No Dual Citizens.
* Candidate requires a Secret Clearance to Interview. Final clearance required is TS.
* Minimum 12 years of experience with no degree.
* Active DoD 8140 IAT Level II Security+ (or higher) or ability to obtain within 90 days of hire.
* Ability to work in a hybrid capacity, with up to 3 business days per week onsite in Fairfax, VA.
* Experience with:
* Administering enterprise PKI and certificate management environments.
* Automating certificate management and infrastructure processes.
* Microsoft Active Directory Certificate Services (AD CS) or comparable PKI platforms.
* Developing automation using Power Shell, Python, Bash, REST APIs, or infrastructure-as-code tools.
* Windows Server and/or Linux administration.
* Strong knowledge of:
* TLS/SSL protocols.
* Certificate authorities and registration authorities.
* PKI architecture and trust models.
* Cryptographic algorithms and key management.
* Smart card and MFA technologies.
* Understanding of enterprise security architecture and cybersecurity best practices.
* Ability to troubleshoot authentication and certificate-related issues across enterprise systems.
* Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
* Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management). Desired Skills
* Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field (or equivalent experience) with 8 years of experience.
* Experience with:
* Supporting cloud-native certificate services in AWS, Azure, or Google Cloud.
* Government, DoD, or regulated environments.
* Jira and Confluence
* Knowledge of Zero Trust architectures and identity-based security models.
* Familiarity with DISA STIGs, NIST 800-series publications, FedRAMP, or FISMA compliance requirements.
* Relevant certifications such as:
* CISSP
* Security+
* Microsoft Certified:
Identity and Access Administrator
* Certified Encryption Specialist (ECES)
* GIAC certifications #Everforth

ECS1 ECS Federal LLC is an equal…