Description
You design, deploy, and manage the internal Certificate Authority hierarchy using Microsoft ADCS.
Responsibilities
- Manage the complete certificate lifecycle, ensuring compliance with NIST standards and security best practices.
- Configure and maintain CRL and OCSP services, including load balancing and high availability.
- Troubleshoot PKI issues related to enrollment, revocation, and authentication across systems.
- Integrate and manage external PKI services (e.g., DigiCert) for public applications.
- Support use cases such as code signing, document signing, and device authentication.
Required Skills
- 5+ years of experience in PKI engineering or related security infrastructure.
- Strong knowledge of Microsoft ADCS, including offline Root CA and online Subordinate CA setup.
- Experience securing keys using HSMs (Hardware Security Modules).
- Proficiency with X.509 certificate standards and TLS/SSL implementation.
- Experience with certificate automation platforms like Venafi or ACME clients.
- Working knowledge of Active Directory, LDAP, and Kerberos authentication.
- Familiarity with external PKI providers and certificate issuance workflows.
- Understanding of NIST compliance standards.