Senior Public Key Infrastructure (PKI) Engineer

ZTI Solutions LLC

$100K — $130K *
Dhs, VA 20598In-Person
Aerospace & Defense
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • U.S. Citizen with an active Secret clearance; eligible for Top Secret (sponsorship provided).
  • DoD 8140 IAT Level II certification (Security+ CE or higher), or ability to obtain within 90 days.
  • 8+ years of systems/security engineering experience with 4+ years focused on enterprise PKI (or 12 years total without a degree).
  • Experience administering Microsoft Active Directory Certificate Services (AD CS) or comparable enterprise PKI platforms.
  • Strong understanding of X.509, CRL/OCSP, cryptographic algorithms, and key management.

Responsibilities

  • Architect, deploy, administer, and maintain enterprise PKI environments and Certificate Authority (CA) infrastructure.
  • Design and manage enterprise server certificate strategies across various platforms.
  • Automate certificate lifecycle management using tools such as PowerShell, Python, and Terraform.
  • Deploy, manage, and troubleshoot TLS/SSL certificates and trust chains across the enterprise.
  • Support Zero Trust initiatives through machine identity and certificate-based trust.
  • Participate in incident response for certificate compromise events.
  • Provide technical leadership and mentorship to junior engineers.

Benefits

  • 4 weeks PTO plus all federal holidays paid.
  • 100% company-paid medical, dental, and vision for employees and their families.
  • 4% matching 401(k).
  • Professional training and certification reimbursement.
  • Flexible hybrid work environment.
Full Job Description
About the Job

Summary:

ZTI Solutions is seeking a Senior Public Key Infrastructure (PKI) Engineer to architect, automate, and modernize enterprise PKI supporting Department of Defense and Federal customers.

This position focuses on enterprise server PKI, certificate lifecycle automation, and infrastructure trust services, not end-user certificate administration. You will modernize CA infrastructure, automate certificate management at scale, support post-quantum cryptography transition planning, and help shape Zero Trust initiatives in mission-critical DoD environments.

ZTI will sponsor Top Secret clearance processing. Benefits include 100% company-paid medical, dental, and vision for you and your family, 4 weeks PTO, and certification reimbursement.

Key Responsibilities:

  • Architect, deploy, administer, and maintain enterprise PKI environments and Certificate Authority (CA) infrastructure, including Microsoft Active Directory Certificate Services (AD CS).
  • Design and manage enterprise server certificate strategies across Windows, Linux, virtualization, cloud, web services, APIs, and load balancers.
  • Automate certificate lifecycle management (issuance, renewal, revocation, expiration monitoring, key rotation, reporting) using ACME, SCEP/EST, REST APIs, PowerShell, Python, Bash, Ansible, or Terraform.
  • Deploy, manage, and troubleshoot TLS/SSL certificates, trust chains, and certificate validation across the enterprise.
  • Integrate PKI services with Active Directory, Azure, AWS, virtualization platforms, and DevSecOps pipelines.
  • Support Zero Trust initiatives through machine identity and certificate-based trust.
  • Support planning for post-quantum cryptography and CNSA 2.0 migration.
  • Ensure PKI environments comply with NIST, FIPS, DISA STIGs, and RMF requirements.
  • Participate in incident response for certificate compromise or trust-related events.
  • Maintain technical documentation, architecture diagrams, SOPs, and configuration baselines.
  • Provide technical leadership and mentorship to junior engineers.


Requirements:

  • U.S. Citizen with an active Secret clearance; eligible for Top Secret (ZTI sponsors processing).
  • Hybrid: up to 3 days/week onsite in Fairfax, VA.
  • DoD 8140 IAT Level II certification (Security+ CE or higher), or ability to obtain within 90 days.
  • 8+ years of systems/security engineering experience with 4+ years focused on enterprise PKI (or 12 years total without a degree).
  • Experience administering AD CS or comparable enterprise PKI platforms.
  • Experience automating certificate lifecycle management at scale.
  • Experience administering Windows Server and/or Linux.
  • Strong understanding of X.509, CRL/OCSP, enterprise trust models, cryptographic algorithms, and key management.
  • Excellent analytical, problem-solving, and communication skills.


Preferred Qualifications:

  • CISSP, Azure Security Engineer Associate, or AWS Certified Security - Specialty.
  • Experience with Entrust, DigiCert, EJBCA, Keyfactor, Venafi, or similar platforms.
  • Hardware Security Module (HSM) experience.
  • Azure Government, AWS GovCloud, or hybrid cloud environments.
  • PKI integration with Kubernetes, containers, or service mesh.
  • Experience supporting DoD RMF, FedRAMP, or CMMC compliance initiatives.


Benefits:

  • 4 weeks PTO plus all federal holidays paid.
  • 100% company-paid medical, dental, and vision for employees and their families.
  • 4% matching 401(k).
  • Professional training and certification reimbursement.
  • Flexible hybrid work environment.


Similar Jobs

More Jobs at ZTI Solutions LLC

More Aerospace & Defense Jobs

Find similar Senior Public Key Infrastructure (PKI) Engineer jobs: