About the RoleCTG is seeking a
PKI Architect to design, implement, and modernize enterprise Public Key Infrastructure (PKI) and identity trust services supporting mission-critical federal systems. This role is ideal for a senior technical architect with deep expertise in cryptographic systems, identity security, and scalable infrastructure design across complex, highly secure environments.
You Will Get To- Design, implement, and evolve PKI architectures that enable secure authentication and Zero Trust initiatives
- Build and support cloud-native solutions across AWS and Azure environments.
- Automate infrastructure, deployments, and operational processes using Ansible and CI/CD pipelines.
- Partner with security and engineering teams to implement DevSecOps practices and secure software delivery.
- Support compliance initiatives aligned with FIPS, NIST 800-53, FISMA, and Zero Trust Architecture principles.
- Monitor, troubleshoot, and optimize application and platform performance using security and observability tools.
Who You Are- A collaborative engineer who enjoys solving complex technical and security challenges.
- Passionate about building scalable, secure, and reliable cloud-based solutions.
- Comfortable working across application development, cloud infrastructure, identity, and security domains.
- Skilled at balancing technical innovation with operational excellence and compliance requirements.
- An effective communicator who can work with cross-functional teams and stakeholders.
Qualifications- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, Mathematics, or a related technical field (or equivalent experience)
- 4+ years of professional experience in PKI architecting, cybersecurity engineering, identity and access management (IAM), infrastructure/security architecture, or enterprise platform engineering (not limited to application development)
- Experience designing and supporting PKI solutions in FICAM and Federal PKI (FPKI) environments.
- Experience with X.509 certificate lifecycle management, automation, and policy development.
- Knowledge of X.509 certificate policies and CA/Browser Forum standards.
- Experience implementing certificate automation using ACME.
- Experience with Hardware Security Modules (HSMs) and cryptographic key management.
- Familiarity with Post-Quantum Cryptography (PQC) concepts and migration strategies.
- Experience with PKI platforms including DigiCert, Entrust, Microsoft AD CS, and Let's Encrypt.
- Experience supporting CAC/PIV smart cards, server, code-signing, and S/MIME certificates, including certificate trust chains and validation.
- Experience with cloud platforms such as AWS and/or Azure.
- Familiarity with DevSecOps practices, CI/CD pipelines, and source control platforms such as GitHub Enterprise.
- Understanding of security frameworks and standards including NIST, FISMA, FIPS, and Zero Trust principles.
Nice to Have- Experience using Docker and Kubernetes.
- Experience with Shibboleth, CyberArk, or HashiCorp Vault.
- Experience with Splunk, Tenable, Checkmarx, SonarQube, or related security tooling.
- Experience with STIG hardening, vulnerability management, or compliance programs.
- Familiarity with PIV authentication and identity governance solutions.
- Experience supporting highly regulated environments, including federal or public sector organizations.
- Relevant cloud, security, or architecture certifications.
Client Requirements- Applicants must be U.S. Citizens
- Ability to obtain a Public Trust clearance
SalaryWe are committed to offering a competitive salary for this position, with an estimated range of $110,000 to $150,000 annually. Please note that this range is intended to provide a general idea of what to expect. The final offer may vary based on experience, skills, and other factors.
Full Time Employee Benefits- Remote Work (Hybrid roles will be specified in the job post)
- Competitive Compensation Package
- Medical, Dental, and Vision
- Life Insurance, Short/Long Term Disability
- Employee Assistance Program
- 401(k) with 4% matching
- Liberal PTO vacation policy
- Generous Annual Continuing Education
- Annual Wellness Budget
- Bonus Incentive Programs (Employee referrals and performance-based rewards)
Thanks for your interest in Capital Technology Group! 
