PKI Engineer

Posted 26 November 2025
SalaryNegotiable
LocationDublin
Job type Contract
DisciplineIT
ReferenceBBBH8176_1764164770

Job description

Job Title: PKI Engineer
Location: Ireland-Remote
Job Type: Contract-US Shift

Client Overview
Our client is a major financial agency of the United Nations, and an international financial institution funded by 191 member countries, with headquarters in Washington, D.C

Qualifications:
These are the points that the candidate must have to be successful in this position and to move forward to an interview.

  • Experience working with cloud platforms, particularly Azure.

  • Previously implemented PKI, as hands-on experience in this area is essential.

  • A solid understanding of PKI architecture and its components is vital.

  • Knowledge of Identity and Access Management (IAM), Multi-Factor Authentication (MFA), and Single Sign-On (SSO).


Technical Skills:
These are the specific skills, and required level of experience, that a candidate must have to be successful in this position.

  • Strong technical knowledge of enterprise PKI operations, cryptographic algorithms (symmetric/asymmetric), digital signatures, with strong understanding of compliance, auditing, and key management.

  • Microsoft certifications (e.g., Azure Security Engineer, MCSA).

  • Knowledge of CA/B Forum, RFC 5280, RFC 6960 (OCSP).

  • Familiarity with containerized environments and Kubernetes certificate management.

  • Experience with Active Directory Certificate Services, GlobalSign, Sectigo, DigiCert, Keyfactor, OpenSSL, or other certificate management platforms. Understanding of OCSP, CA, RA, CRL, and BYOK configurations.

  • Comprehensive understanding of the PKI/HSM ecosystem, including technology, standards, implementations, and migration strategies.

  • Experience with developing scripts for administrative and automation tasks.

  • Collaborate with other IT and Operational teams to integrate PKI solutions with existing systems/applications.

  • Monitor and troubleshoot PKI related issues.

  • Assist and educate users/administrators with certificate enabled applications, such as SSL/TLS, S/MIME, Code Signing, Smartcard, 802.1x, EAP-TLS, etc.

  • Drive technical discussions to understand digital certificate services requirements.

  • Maintain and enhance global solutions for the digital certificate area ensuring high availability and disaster recovery.

  • Knowledge of PKI Standards including X.509, CP/CPS, CA/Browser Forum Baseline Requirements.

Responsibilities:

  • Lead the infrastructure protection strategy to create, evolve, and secure internal PKI and credential management security strategy.

  • Design, implement, and operate enterprise-grade PKI solutions, including internal and external Certificate Authorities (CAs), Hardware Security Modules (HSMs), and certificate lifecycle management platforms.

  • Create design components, develop code, and test changes using test-driven development methodologies.

  • Provide subject matter expertise in resolving complex problems related to PKI environment.

  • Manage, secure, engineer and provide governance for key and certificate management services, including robust, enterprise-grade PKI, certificate lifecycle management (CLCM), infrastructure automation and credential management (CMS) systems.

  • Implement and maintain automated certificate renewal programs; capture use-cases for certificate revocation, enrollment & renewal processes.

  • Monitor creation of encryption keys to ensure protection against modification and unauthorized disclosure.

  • Define Trust Strategies and understand security and governance requirements for Certification Authorities.

  • Architect and manage internal PKI infrastructure including CA, RA, CRL, OCSP, and HSM integrations.

  • Design and implement certificate lifecycle automation using ACME protocols, scripting (e.g., PowerShell, Python), and enterprise CLM tools.

  • Install and manage certificates across platforms: Windows, Linux/Unix, Apache, Tomcat, Java Keystore, F5, Azure Key Vault. · Implement digital certificate policies aligned with X.509 standards and CA/Browser Forum baseline requirements.

  • Develop and maintain Certificate Policy and Certificate Practice Statements (CP/CPS).

  • Provide PKI support for application integrations, including TLS/SSL, S/MIME, 802.1x, Smartcards, and Code Signing.

  • Collaborate with IAM, Infrastructure, Security, and Application teams to integrate PKI into broader identity solutions.

  • Contribute to change management and documentation using ITSM tools (ServiceNow, Remedy).

  • Maintain high availability and disaster recovery readiness for PKI infrastructure.

  • Track and report on PKI service metrics, SLAs, KPIs, and KRIs to ensure operational excellence.

  • Develop and maintain SOPs, technical documentation, and training materials.



If you are interested in this role or would like to discuss further, please call Nidhi on +353 1 645 5244 or email [email protected].

Candidate must have valid visa to work in Ireland (Stamp 1G/Stamp 4/EU Passport)