Senior PKI Engineer

Summary of the role:
Own day-to-day operation and reliability of enterprise PKI and certificate lifecycle services across hybrid/multi-cloud.

Key Responsibilities (Run/Operations):
Operate issuing CAs (ADCS / EJBCA / Entrust) including templates/profiles, CRL/OCSP publishing, AIA/CDP endpoints, HA/DR.
Administer CLM platforms (Keyfactor/Venafi): automated renewals, discovery scans, inventory accuracy, connector health.
Monitor SLOs & alerts (issuance latency, renewal success, OCSP availability, expiry coverage); drive incident response & RCA.
Execute key ceremonies, HSM operations (nShield/Thales), custody logs, backup/restore and DR tests.
Troubleshoot TLS/mTLS, chain building, cipher/ALPN, OCSP stapling, trust store issues (servers, devices, service meshes).
Maintain runbooks, change patterns, patching cadence, RBAC reviews; support audits and evidence collection (CP/CPS adherence).
Partner with app/network/cloud teams to onboard use cases (serve...