Capgemini

PKI/PKE Engineer

Capgemini$100K — $120K *
San Antonio, TX 78228In-Person
Information Technology
Less than 5 years of experience
2 weeks ago
Job Overview by Ladders

Qualifications

  • 3+ years of experience in PKI/PKE administration
  • Bachelor's degree in computer science or related field
  • Deep knowledge of encryption methods (asymmetric/symmetric) and hashing algorithms
  • Proficient in scripting languages like PowerShell, Python, or OpenSSL
  • Familiar with certificate standards and compliance regulations (X.509, NIST SP 800-53)
  • Eligible for Secret level government security clearance or hold active clearance
  • CompTIA Security+ certification preferred

Responsibilities

  • Architect and manage multi-tier Certificate Authority hierarchies using industry tools
  • Enable web, mobile, and IoT applications to leverage certificates for secure communication
  • Implement and manage Certificate Lifecycle Management tools for automation
  • Oversee the lifecycle management of Hardware Security Modules (HSMs)
  • Draft and enforce compliance documentation for legal and regulatory standards
  • Lead efforts to transition to Post-Quantum Cryptography for enhanced security
  • Serve as Subject Matter Expert on certificate outages and revocation processes

Benefits

  • Paid time off
  • Medical, dental, and vision insurance
  • 401(k) plan
  • Eligibility for variable compensation and bonuses
Full Job Description
PKI/PKE Engineer will be tasked to design, implement, and operate systems that enable secure digital identity and data confidentiality. This role serves as the technical lead for Certificate Authorities (CAs), Hardware Security Modules (HSMs), and the integration of encryption services across enterprise workflows.

Responsibilities
  • Architect and maintain multi-tier Certificate Authority hierarchies (Root, Subordinate, and Issuing CAs) using Microsoft ADCS, Entrust, or DigiCert.
  • "Enable" applications (Web, Mobile, IoT) to use certificates for S/MIME email encryption, TLS/SSL, and 802.1X network authentication.
  • Implement and manage Certificate Lifecycle Management (CLM) tools like Venafi, Keyfactor, or AppViewX to automate renewals and prevent outages
  • Manage the physical and logical lifecycle of Hardware Security Modules (HSMs) such as Thales/nCipher or Utimaco.
  • Draft and enforce the Certificate Policy (CP) and Certification Practice Statement (CPS) to ensure legal and regulatory compliance (e.g., FIPS 140-2/3).
  • Lead the transition to Post-Quantum Cryptography (PQC) algorithms to protect against "harvest now, decrypt later" threats.
  • Act as the SME for certificate-related outages, compromised keys, or emergency revocation (CRL/OCSP) procedures.

Requirements
  • Minimum of 3+ years of progressive experience in PKI/PKE administration
  • Bachelor's degree in computer science, or a related field.
  • Deep understanding of asymmetric/symmetric encryption, hashing algorithms (SHA-256/384), and protocols (OCSP, SCEP, EST, CMP).
  • Proficiency in PowerShell, Python, or OpenSSL for automating certificate requests and inventorying.
  • Familiarity with X.509, NIST SP 800-53/175, and RFC 5280.
  • Ability to obtain Secret level government security clearance / Active clearance preferred
  • Ability to obtain CompTIA Security+ / Active certification preferred

Capgemini discloses salary range information in compliance with state and local pay transparency obligations. The disclosed range represents the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting, although we may ultimately pay more or less than the disclosed range, and the range may be modified in the future. The disclosed range takes into account the wide range of factors that are considered in making compensation decisions including, but not limited to, geographic location, relevant education, qualifications, certifications, experience, skills, seniority, performance, sales or revenue-based metrics, and business or organizational needs. At Capgemini, it is not typical for an individual to be hired at or near the top of the range for their role. The base salary range for the tagged location is $100k-$120k.
This role may be eligible for other compensation including variable compensation, bonus, or commission. Full time regular employees are eligible for paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.

About Capgemini

Capgemini is a global leader in consulting, digital transformation, technology and engineering services. The company is headquartered in Paris, France and operates in over 50 countries. Capgemini provides a range of services including strategy and transformation, application services, technology services, and engineering services. The company serves clients in a variety of industries including automotive, consumer products, financial services, healthcare, and retail.
Learn more about Capgemini
Industry
Information Technology
Founded
1967
NASDAQ
CGEMY
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at Capgemini

More Information Technology Jobs

Find similar PKI/PKE Engineer jobs:

NationwideSan Antonio, TX