The PKI Operate Contractor will play a critical role in the day-to-day management and support of the organization's Public Key Infrastructure. This role is focused on hands-on operation, maintenance, and troubleshooting of CA environments, the administration of digital certificates, and the secure management of private keys using HSMs. The contractor will ensure high availability and resilience of PKI services by implementing robust operational procedures, performing vulnerability assessments, and maintaining detailed documentation. Additionally, the role requires efficient management of incoming support tickets and incidents related to PKI, ensuring all service requests are handled promptly and in accordance with established service levels. This position is vital for maintaining a secure and reliable cryptographic environment that supports enterprise security and compliance objectives.
Key Responsibilities
- Operate, configure, and maintain enterprise PKI operations.
- Administer the entire PKI certificate lifecycle, including certificate issuance, renewal, revocation, and archival.
- Enforce operational procedures for PKI private key generation, rotation, destruction, and auditing.
- Monitor, troubleshoot, and resolve PKI and digital certificate issues, ensuring uninterrupted cryptographic service delivery.
- Design, test, and implement high-availability, backup, and disaster recovery solutions for PKI infrastructure.
- Conduct vulnerability analysis on PKI infrastructure, apply remediations, and ensure regular patching and upgrade of PKI components.
- Implement robust, automated logging, auditing, and compliance reporting for all PKI operations.
- Integrate and automate certificate lifecycle processes using CLM tools such as Venafi, AppViewX, Keyfactor, or similar platforms.
- Maintain and regularly update detailed operational documentation and runbooks for PKI procedures and incidents.
- Track, manage, and resolve incoming support tickets related to PKI operations, ensuring timely response and resolution.
- Provide Tier 2/Tier 3 operational support for PKI-related incidents and participate in audits and compliance checks.
Required Skills
- 5+ years of hands-on experience in PKI operations, certificate authority support, and enterprise digital certificate management.
- Strong practical knowledge of HSM use for private key protection in PKI environments.
- Direct experience with Certificate Lifecycle Management (CLM) tools such as Venafi, AppViewX, Keyfactor, or equivalent.
- In-depth understanding of PKI architecture, digital certificate standards (X.509), and certificate lifecycle management practices.
- Experience implementing PKI high-availability, backup, and recovery processes.
- Proficiency in troubleshooting PKI infrastructure, CAs, and resolving certificate trust or availability issues.
- Practical knowledge of security best practices and compliance standards as they apply to PKI.
- Familiarity with automation and scripting for operational efficiency in PKI environments.
- Experience implementing access controls and audit logging for all PKI operations.
- Strong communication skills and a proven ability to deliver detailed operational documentation and provide incident support.