**Job Title: PKI Engineer / PKI Specialist** **Job Summary:** We are looking for a skilled PKI Engineer to design, implement, and manage our Public Key Infrastructure systems. This role will be responsible for ensuring secure digital identity, encryption, and authentication mechanisms across the enterprise. The ideal candidate will have deep knowledge of certificate management, cryptographic standards, and experience with tools such as Microsoft ADCS, Venafi, DigiCert, or similar. **Key Responsibilities:** + Design, deploy, and maintain **PKI infrastructure** , including Certificate Authorities (CAs), Registration Authorities (RAs), and OCSP/CRL services. + Manage **digital certificates** for users, devices, services, and applications, ensuring proper issuance, renewal, and revocation. + Support **SSL/TLS certificate lifecycle management** , including integration with web servers, load balancers, and cloud services. + Configure and maintain Microsoft ADCS (Active Directory Certificate Services) or third-party PKI solutions (e.g., Venafi, DigiCert, Keyfactor). + Define and enforce **certificate policies and practices (CP/CPS)** and align with regulatory and internal compliance standards. + Implement **automated certificate management** using scripts or tools to reduce risk and operational overhead. + Troubleshoot PKI-related issues including certificate chain validation, enrollment errors, or CRL distribution problems. + Provide subject matter expertise on **cryptographic standards** , such as X.509, RSA, ECC, SHA-2, and quantum-safe practices. + Collaborate with cybersecurity, cloud, and infrastructure teams to ensure secure, scalable PKI deployments. + Assist in audits, penetration testing, and risk assessments related to encryption and identity assurance. **Required Qualifications:** + Bachelor’s degree in computer science, Cybersecurity, or a related field; or equivalent work experience. + 3+ years of experience in PKI design, administration, and support. + Hands-on experience with **Microsoft ADCS** and/or enterprise PKI platforms (e.g., Venafi, DigiCert, Keyfactor, AppViewX). + Deep understanding of **certificate lifecycle** , cryptographic algorithms, and standards (X.509, RSA, ECC, SHA, etc.). + Familiarity with **HSMs (Hardware Security Modules)** and key management practices. + Working knowledge of **TLS/SSL** , S/MIME, code signing, email encryption, and secure authentication protocols. + Scripting skills in **PowerShell** , **Python** , or Bash for automation. **Preferred Qualifications:** + Professional certifications (e.g., **GIAC GPEN, GCLD, CISSP, Microsoft Certified: Identity and Access Administrator Associate** ). + Experience with **DevOps/DevSecOps integration** for certificate issuance in CI/CD pipelines. + Knowledge of **quantum-resistant cryptography** and NIST PQC standards. + Experience with cloud PKI integration (e.g., AWS ACM, Azure Key Vault, Google Cloud KMS). Cognizant is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.