PKI Engineer


April 8, 2021

Fremont, CA, US

The Role
We are currently looking for a highly-motivated, dependable, and self-driven PKI Engineer, experienced in Active Directory Certificate Services (ADCS) administration to join our team. You will be responsible for design, implementation, and administration of several production PKIs globally. You will utilize extensive knowledge in server systems, such as: ADCS, Active Directory, Azure Active Directory, Windows Server (2008 through 2019) primarily as well as skill in Linux (CentOS and Ubuntu) secondarily. Work station support of certificate key/trust stores for Windows10 and MacOS. Working knowledge of PowerShell, Bash, Python and/or DOS scripting will be required to automate tasks. Must have strong skills in creating and maintaining highly available services, performance monitoring, troubleshooting, and relentless documentation.
  • 99.999% uptime for CRL and OCSP Services
  • Process and service documentation
  • Maintain ADCS systems running Windows Server 2016/2019 as per documented configuration procedures and standards
  • Gap analysis on these procedures and practices in relation to ADCS availability
    (understanding what patches or configurations may adversely affect or benefit the service)
  • Monitoring availability and performance of CRL, OCSP and Web enrollment services
  • Network Vlans troubleshooting, presenting evidence of same to partner teams for resolution
  • Triage incoming requests for consultations and SSL certificates
  • End-user and application owner support in certificate enrollment and key management
  • DRP service tuning and game day testing of same
  • Triage service issues and production impairment within the SLA timelines and provide detailed post mortem reports as required
  • Develop and augment automation through scripting or programming
  • Work collaboratively with staff from partner teams
  • Document tasks, procedures, environments in configuration and maintenance of PKI.
  • Solid understanding of certificate and security best practices and the ability to implement them.
  • Must participate in 24/7 on-call rotation.

  • BS in Computer Science or related field
  • At least 5 years’ experience in Windows Server and desktop administration, ADCS and PKI
  • Demonstrable ability to solve problems and automate tasks programmatically
  • Experience with support of mission-critical, large-scale operations, that run 24x7
  • Effective verbal and written communications skills
  • Excellent customer support skills in complex topics, such as PKI and cryptography
  • Understanding of basic cryptography concepts and best practices
  • A desire to grow into and passion for in-depth PKI and certificate implementation