PKI Engineer with Security Clearance

---

Job description

Job#: Job Description: Apex Systems is seeking a Senior PKI Engineer to support the Department of State. If interested, please email email protected your resume
Position: PKI Engineer
Location: Fully onsite in Springfield, VA
Hours: Mon-Fri 3PM-11PM
Job type: 6+ month contract, potential to extend
Salary: 150,000/yr
Clearance: Active secret required at minimum Position Description: The Vanguard 2.2.1 contract currently has an opening for a Public Key Infrastructure (PKI) Systems Engineer to support the Department of State (DoS) Bureau of Information Resource Management (IRM) PKI program. This program provides transparent security services in support of the Department's goals to secure communications among Department staff and systems. The position falls under the "SI Division support service line of the contract. This is a fantastic opportunity for a great Systems Engineer to expand their skillset and learn PKI! It will be a senior level PKI engineering position, providing PKI engineering and integration support, administering, maintaining, and deploying various PKI systems on prem and in cloud. The preferred candidate must possess strong skills in designing, installing, configuring, and maintaining PKI systems. Additionally, the preferred candidate should have some experience in providing tier-3 level support in large enterprises. Cloud Key vaulting, Zero Trust Architecture and modern authentication know how are highly desirable. Responsibilities include: Performing all aspects of systems design and PKI engineering in support of various PKI systems deployed at the Department of State.
Manage and maintain enclaved server hardware, storage, switches, server operating systems, and Hardware Security Modules (HSMs)
Providing in-depth subject matter expertise for engineering support related to Public Key Infrastructure (PKI) systems, especially in a government setting.
Maintaining existing PKI systems - patch existing systems, deploy new components based on customer demand
Assist in evaluating and deploying solutions to support modern authentication (i.e SAML based authentication, FIDO2, PIV Derived Credential, etc )
Assist in designing and deploying solution in support of migrating to a Zero Trust Architecture environment
Performing problem analysis following any service issues to prevent recurrence
Identifying security risks to customer systems and suggest mitigations
Designing, building, and managing PKI enclaves conforming to the policies and standards of the Department of State, Homeland Security Presidential Directive 12 (HSPD-12), Federal Bridge Certification Authority (FBCA), National Institute of Standards and Technology (NIST), and other policies and standards as required.
Identifying security architectures and implementation gaps, vulnerabilities, and risks; developing, testing, and implementing solutions to address the gaps, and new or updated requirements.
Developing test cases for software/hardware testing and developing test evaluation reports for stakeholders.
Developing and updating systems documentation (e.g., ConOps, Operating procedures, systems architecture documents.)
Ensuring the NIST 800-53 Rev. 4 security controls, where applicable, are in place and validated on all PKI systems.
Contribute to the technical direction on all areas of PKI architecture, strategies and automation and enforce governance and standards.
Qualifications Required Education, Experience, Skills, Attributes Bachelors and five (5) years or more of relevant experience; Masters and three (3) years or more of relevant experience; may accept additional experience in lieu of degree
Strong background in the Microsoft server operating systems and Certificate Authority (CA) providers
General understanding of cryptographic keys, symmetric and asymmetric keys, cryptographic key algorithms and cipher blocks
Working knowledge with network devices particularly Cisco switches.
Network infrastructure diagnostics (TCP/IP general networking knowledge, network monitoring tools)
Virtualization technologies - VMWare ESXI, vCenter, VMWare NSX
Working knowledge of external storage solutions, storage area networks (SANs), and Fiber Channel networks
Professionally and effectively communicate; both verbal and written at all levels within the organization
Ability to think analytically, troubleshoot, and solve problems
Ability to troubleshoot and resolve network/application/operating system issues
Self-starter, able to work independently with minimum supervision
Excellent MS-Windows Server administration & maintenance skills
Excellent oral and written communication skills
Excellent analytical and troubleshooting skills
Required Clearance US Citizenship
Must have the ability to obtain Top Secret clearance. Active Secret or Top Secret clearance is preferred. Desired Experience, Skills, & Attributes Knowledge of Entrust suite of PKI products (Security Manager, Administration Services, Security Manager Proxy) especially in a government setting.
Hands-on experience with Hardware Security Modules (HSMs), and external storage solutions.
Working knowledge with a Card Management Systems (CMS) solution for Smart Cards.
Experience integrating managed devices into MDM solutions (AirWatch, Intune).
Understanding of cloud security implementation practices, particularly PKI related. (Azure, AWS, etc.)
Working knowledge of Zero Trust Architecture and modern credential management and authentication
PowerShell scripting experience and/or other scripting expertise.
Network infrastructure diagnostics (TCP/IP general networking knowledge, network monitoring tools)
Expert level skills in virtualization technologies (e.g., VMWare vSphere)
Operational experience with LDAP and PKI Directory Management
Engineering and Integration experience with Two-factor authentication: RSA, PIV cards, custom smart card solutions, and biometric authentication.
Working experience deploying OCSP capabilities within a diverse and international organization
Experience with Enterprise Systems Architecture, engineering, and deployment EEO Employer Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at email protected or . Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.

<!– job description page –>