×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer

ICA Security Engineer Information Technology - Analysts

Job in Jersey City, Hudson County, New Jersey, 07390, USA
Listing for: Comforcehealth
Contract position
Listed on 2026-02-21
Job specializations:
  • Engineering
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 72 - 77 USD Hourly USD 72.00 77.00 HOUR
Job Description & How to Apply Below
Position: ICA Security Engineer (4 Roles) - Information Technology - Analysts

ICA Security Engineer (4 Roles) - Information Technology

Job  Charlotte , North Carolina Job Type: Contract Added - a day ago

Job Description

A client of Innova Solutions is immediately hiring for an PKI Security Engineer/ICA Security Engineer.

Position type: Contract

Duration: 12 to 18 months

Location: 5 days onsite in a week in Charlotte, NC.

As a PKI Security Engineer/ICA Security Engineer, you will:

Top Skills
  • 5+ years of hands experience with Microsoft Active Directory Certificate Services(ADCS)
  • 3+ years of experience designing, deploying, and operating multi-tier Microsoft Public Key Infrastructure (offline root, issuing CAs) in large/complex environments.
  • 2+ years of Strong Power Shell experience

Details:

Senior PKI Engineer to design, implement, and operate enterprise-grade Public Key Infrastructure (PKI) services with a strong focus on Microsoft Active Directory Certificate Services (AD CS) and Active Directory (AD) integration. Hands‑on implementation and integration knowledge of certificate lifecycle management, CA hierarchy governance, enrollment automation, HSM‑backed key protection, CA backup restore, migration and integration with platforms such as Windows Server, Linux, network/security devices, cloud providers, MDM/EPP, and zero‑trust tooling.

Subject matter expert for cryptographic standards, certificate‑based authentication, and PKI security controls across the organization.

Key Responsibilities
  • Architecture & Design:
    Design and maintain enterprise PKI architectures (Root CA, Policy CA, Issuing CA) with offline/air‑gapped roots, secure key ceremonies, key usage, and issuance workflows and robust CRL/OCSP distribution.
  • Integrate PKI with Active Directory (incl. AD forests/domains, AD CS, AIA/CDP locations, GPOs), and Azure AD/Entra  applicable (e.g., certificate‑based auth).
  • Engineer solutions for mutual TLS, 802.1X (wired/wireless/VPN), device identity, code signing, S/MIME, Bit Locker, and disk/volume encryption certs.
  • Key sizes, algorithms (RSA, ECC and PQC) encryption and hashing.
  • Implement HSM‑backed key storage for CAs and code signing; lead key ceremonies, disaster recovery designs.
  • Operations & Automation:
    Own certificate lifecycle management (issuance, renewal, revocation) including automation via Intune, GPO/Autoenrollment, SCEP/NDES, ACME, or MDM connectors.
  • Manage CRL/OCSP publication, monitoring, and availability, design highly available, geo‑distributed revocation endpoints.
  • Implement scripting/automation (Power Shell, APIs) for bulk issuance, inventory, renewal, and drift detection. Enabling separation of duties for secure operation of PKI infrastructure.
  • CA backup, restore renewal and migration strategy.
Security & Compliance
  • Apply strong key management practices (FIPS 140-2/140-3), certificate assurance levels, and secure CA hardening baselines.
  • Regularly perform PKI risk assessments, access reviews, and control testing (e.g., template permissions, EKU misuse, issuance constraints).
  • Lead root cause analysis and incident response for certificate/PKI‑related outages or security events.
  • Maintain alignment with NIST, CAB Forum, Microsoft Security Baselines, and internal compliance frameworks (e.g., SOX, PCI, HIPAA, ISO 27001) as applicable.
Minimum Qualifications
  • 8+ years in Security Engineering/Identity Infrastructure, including 5+ years hands‑on with Microsoft AD CS and enterprise Active Directory with managing CA infra.
  • Proven experience designing, deploying, and operating multi‑tier Microsoft PKI (offline root, issuing CAs) in large/complex environments.
  • Deep knowledge of X.509, CRL/OCSP, EKU/KU, SANs, key algorithms and sizes (RSA/ECC), hashing (SHA‑2), and certificate validation paths.
  • Strong Power Shell and Windows Server administration; GPOs, autoenrollment, templates, AIA/CDP configuration.
  • Experience with 802.1X/EAP‑TLS, TLS/mTLS, VPN auth, and device/user certificate issuance at scale.
  • HSM experience (e.g., nCipher/Entrust/Thales) for CA key management.

Qualified candidates should APPLY NOW for immediate consideration!

This position is only open to applicants who can be engaged on a W‑2 basis.

Please hit APPLY to provide the required information, and we will be back in touch as…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search