PKI Engineer

Posted 26 November 2025
SalaryNegotiable
LocationDublin
Job type Contract
DisciplineIT
ReferenceBBBH8176_1764164770

Job description

Job Title: PKI Engineer
Location: Ireland-Remote
Job Type: Contract-US Shift

Client Overview
Our client is a major financial agency of the United Nations, and an international financial institution funded by 191 member countries, with headquarters in Washington, D.C

Qualifications:
These are the points that the candidate must have to be successful in this position and to move forward to an interview.

  • Experience working with cloud platforms, particularly Azure.
  • Previously implemented PKI, as hands-on experience in this area is essential.
  • A solid understanding of PKI architecture and its components is vital.
  • Knowledge of Identity and Access Management (IAM), Multi-Factor Authentication (MFA), and Single Sign-On (SSO).


Technical Skills-
These are the specific skills, and required level of experience, that a candidate must have to be successful in this position.

  • Strong technical knowledge of enterprise PKI operations, cryptographic algorithms (symmetric/asymmetric), digital signatures, with strong understanding of compliance, auditing, and key management.
  • Microsoft certifications (e.g., Azure Security Engineer, MCSA).
  • Knowledge of CA/B Forum, RFC 5280, RFC 6960 (OCSP).
  • Familiarity with containerized environments and Kubernetes certificate management.
  • Experience with Active Directory Certificate Services, GlobalSign, Sectigo, DigiCert, Keyfactor, OpenSSL, or other certificate management platforms. Understanding of OCSP, CA, RA, CRL, and BYOK configurations.
  • Comprehensive understanding of the PKI/HSM ecosystem, including technology, standards, implementations, and migration strategies.
  • Experience with developing scripts for administrative and automation tasks.
  • Collaborate with other IT and Operational teams to integrate PKI solutions with existing systems/applications.
  • Monitor and troubleshoot PKI related issues.
  • Assist and educate users/administrators with certificate enabled applications, such as SSL/TLS, S/MIME, Code Signing, Smartcard, 802.1x, EAP-TLS, etc.
  • Drive technical discussions to understand digital certificate services requirements.
  • Maintain and enhance global solutions for the digital certificate area ensuring high availability and disaster recovery.
  • Knowledge of PKI Standards including X.509, CP/CPS, CA/Browser Forum Baseline Requirements.

Responsibilities-

  • Lead the infrastructure protection strategy to create, evolve, and secure internal PKI and credential management security strategy.
  • Design, implement, and operate enterprise-grade PKI solutions, including internal and external Certificate Authorities (CAs), Hardware Security Modules (HSMs), and certificate lifecycle management platforms.
  • Create design components, develop code, and test changes using test-driven development methodologies.
  • Provide subject matter expertise in resolving complex problems related to PKI environment.
  • Manage, secure, engineer and provide governance for key and certificate management services, including robust, enterprise-grade PKI, certificate lifecycle management (CLCM), infrastructure automation and credential management (CMS) systems.
  • Implement and maintain automated certificate renewal programs; capture use-cases for certificate revocation, enrollment & renewal processes.
  • Monitor creation of encryption keys to ensure protection against modification and unauthorized disclosure.
  • Define Trust Strategies and understand security and governance requirements for Certification Authorities.
  • Architect and manage internal PKI infrastructure including CA, RA, CRL, OCSP, and HSM integrations.
  • Design and implement certificate lifecycle automation using ACME protocols, scripting (e.g., PowerShell, Python), and enterprise CLM tools.
  • Install and manage certificates across platforms: Windows, Linux/Unix, Apache, Tomcat, Java Keystore, F5, Azure Key Vault. · Implement digital certificate policies aligned with X.509 standards and CA/Browser Forum baseline requirements.
  • Develop and maintain Certificate Policy and Certificate Practice Statements (CP/CPS).
  • Provide PKI support for application integrations, including TLS/SSL, S/MIME, 802.1x, Smartcards, and Code Signing.
  • Collaborate with IAM, Infrastructure, Security, and Application teams to integrate PKI into broader identity solutions.
  • Contribute to change management and documentation using ITSM tools (ServiceNow, Remedy).
  • Maintain high availability and disaster recovery readiness for PKI infrastructure.
  • Track and report on PKI service metrics, SLAs, KPIs, and KRIs to ensure operational excellence.
  • Develop and maintain SOPs, technical documentation, and training materials.



If you are interested in this role or would like to discuss further, please call Nidhi on +353 1 645 5244 or email [email protected].

Candidate must have valid visa to work in Ireland (Stamp 1G/Stamp 4/EU Passport)