PKI​/PKE Engineer

Overview

Capgemini Government Solutions (CGS) LLC is seeking a PKI/PKE Engineer to support mission‑critical government clients. The ideal candidate will collaborate with a high‑performing team, engage with a broad range of stakeholders, and play a key role in expanding CGS capabilities while continuing to grow their technical and consulting expertise.

PKI/PKE Engineer will be tasked to design, implement, and operate systems that enable secure digital identity and data confidentiality. This role serves as the technical lead for Certificate Authorities (CAs), Hardware Security Modules (HSMs), and the integration of encryption services across enterprise workflows.

• Architect and maintain multi‑tier Certificate Authority hierarchies (Root, Subordinate, and Issuing CAs) using Microsoft ADCS, Entrust, or Digi Cert.
• "Enable" applications (Web, Mobile, IoT) to use certificates for S/MIME email encryption, TLS/SSL, and 802.1X network authentication.
• Implement and manage Certificate Lifecycle Management (CLM) tools like Venafi, Keyfactor, or AppViewX to automate renewals and prevent outages.
• Manage the physical and logical lifecycle of Hardware Security Modules (HSMs) such as Thales/nCipher or Utimaco.
• Draft and enforce the Certificate Policy (CP) and Certification Practice Statement (CPS) to ensure legal and regulatory compliance (e.g., FIPS 140‑2/3).
• Lead the transition to Post‑Quantum Cryptography (PQC) algorithms to protect against "harvest now, decrypt later" threats.
• Act as the SME for certificate‑related outages, compromised keys, or emergency revocation (CRL/OCSP) procedures.

• Minimum of six years of progressive experience in PKI/PKE administration.
• Bachelor's degree in computer science, or a related field.
• Deep understanding of asymmetric/symmetric encryption, hashing algorithms (SHA‑256/384), and protocols (OCSP, SCEP, EST, CMP).
• Proficiency in Power Shell, Python, or OpenSSL for automating certificate requests and inventorying.
• Familiarity with X.509, NIST SP 800‑53/175, and RFC 5280.
• Ability to obtain Secret level government security clearance / Active clearance preferred.
• Ability to obtain CompTIA Security+ / Active certification preferred.

All qualified applicants will be considered for employment based on their skills and merit. This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.

Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.