Senior Certificate Engineer; PKI​/Active Directory

Position: Senior Certificate Engineer (PKI / Active Directory)
Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well-being of those most vulnerable in our country and communities. Working at Gainwell carries its rewards. You'll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development. You'll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance.

We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

Summary

We are seeking a highly skilled Senior Certificate Engineer to design, implement, and manage enterprise Public Key Infrastructure (PKI) solutions. This role will focus on Active Directory Certificate Services (AD CS), public certificate authority integrations, and end-to-end certificate lifecycle management across hybrid environments.

The ideal candidate has deep expertise in Microsoft PKI architecture, certificate automation, and identity/security integration, along with experience working with public CAs (e.g., Digi Cert, Entrust, Sectigo) in a large-scale enterprise environment.

Your role in our mission

PKI Architecture & Engineering

• Design and maintain enterprise PKI solutions, including offline root CAs, issuing CAs, and certificate policies
• Lead PKI modernization efforts, including hybrid and cloud-integrated certificate services
• Architect solutions that support high availability, scalability, and security compliance

Active Directory Integration

• Implement and manage Active Directory Certificate Services (AD CS)
• Configure and maintain:
• Certificate templates
• Group Policy-based auto-enrollment
• CRL distribution points (CDPs) and AIA locations
• Integrate PKI with Active Directory, Azure AD, and hybrid identity environments

Public Certificate Authority Management

• Manage enterprise relationships and integrations with external/public CAs
• Oversee procurement, issuance, renewal, and revocation of public SSL/TLS certificates
• Integrate public CA services into automation workflows and enterprise platforms

Certificate Lifecycle Management

• Manage certificate lifecycle processes including:
• Issuance
• Renewal
• Revocation
• Expiration monitoring
• Implement automation using tools such as:
• Power Shell
• ACME / EST / SCEP protocols
• Certificate management platforms

Security & Compliance

• Ensure PKI solutions meet enterprise security policies and regulatory requirements (e.g., NIST, CIS, HIPAA, PCI)
• Conduct risk assessments related to certificate usage and cryptographic standards
• Maintain secure key management practices, including HSM integration where applicable

Operations & Troubleshooting

• Provide Tier 3 escalation support for PKI and certificate-related issues
• Troubleshoot:
• Authentication failures (TLS, smart card, etc.)
• Certificate chain issues
• Revocation and CRL distribution problems
• Develop monitoring, alerting, and reporting for certificate health and usage

Automation & Innovation

• Develop and maintain automation scripts and workflows for certificate deployment and management
• Integrate PKI processes with:
• Service Now
• Azure services
• Dev Ops pipelines
• Drive adoption of modern certificate management solutions and practices

What we're looking for

• Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent experience)
• 7+ years of experience in:
• Enterprise PKI engineering
• Active Directory administration
• Strong experience with:
• Active Directory Certificate Services (AD CS)
• Windows Server environments
• Public certificate authorities (Digi Cert, Entrust, Sectigo, etc.)
• Proficiency in scripting and automation (Power Shell preferred)
• Deep understanding of:
• X.509 certificates
• TLS/SSL protocols
• Cryptographic algorithms and standards

What you should expect in this role

• Remote position (US continental only)
• Opportunities to travel through your work (0-10%)
• Video cameras must be used during all interviews, as well as during the initial week of orientation
• The deadline to submit applications for this posting is 6/30/2026

The pay range for this position is $85,000.00 - $ per year, however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors. Put your passion to work 'll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits , and educational assistance.

We also have a variety of leadership and technical development academies to help build your skills and capabilities.

We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone. Build your career with Gainwell, an industry leader. You'll be joining a company where collaboration, innovation, and inclusion fuel our growth. Learn more about Gainwell at our company…