"Alerted.org

**Position:** Public Key Infrastructure (PKI) Engineer

**Location:** Washington, DC (metro accessible) - Must work EST Hours (there is no requirement to be onsite)

**Duration:** Thru Fiscal Year End (April 2026) w/ a Possible 1-year Extension

Key Responsibilities:

+ Run the Day-to-Day **PKI Operations**

+ No Hands-on at this time (but has had most or all of the responsibilities listed below at one time or another) - be the "choreographer, not the dancer"

+ "Run the Show" (but not a PM - they have that position filled already)

+ Know how PKI works and how PKI 'should' work

+ Will have been responsible for most of these skillsets at some point in the past (and can provide examples):

+ Lead the infrastructure protection strategy to create, evolve, and secure internal PKI and credential management security strategy.

+ Design, implement, and operate enterprise-grade PKI solutions, including internal and external Certificate Authorities (CAs), Hardware Security Modules (HSMs), and certificate lifecycle management platforms.

+ Create design components, develop code, and test changes using test-driven development methodologies.

+ Provide subject matter expertise in resolving complex problems related to PKI environment.

+ Manage, secure, engineer and provide governance for key and certificate management services, including robust, enterprise-grade PKI, certificate lifecycle management (CLCM), infrastructure automation and credential management (CMS) systems.

+ Implement and maintain automated certificate renewal programs; capture use-cases for certificate revocation, enrollment & renewal processes.

+ Monitor creation of encryption keys to ensure protection against modification and unauthorized disclosure.

+ Define Trust Strategies and understand security and governance requirements for Certification Authorities.

+ Architect and manage internal PKI infrastructure including CA, RA, CRL, OCSP, and HSM integrations.

+ Design and implement certificate lifecycle automation using ACME protocols, scripting (e.g., PowerShell, Python), and enterprise CLM tools.

+ Install and manage certificates across platforms: Windows, Linux/Unix, Apache, Tomcat, Java Keystore, F5, Azure Key Vault.

+ Implement digital certificate policies aligned with X.509 standards and CA/Browser Forum baseline requirements.

+ Develop and maintain Certificate Policy and Certificate Practice Statements (CP/CPS).

+ Provide PKI support for application integrations, including TLS/SSL, S/MIME, 802.1x, Smartcards, and Code Signing.

+ Collaborate with IAM, Infrastructure, Security, and Application teams to integrate PKI into broader identity solutions.

+ Contribute to change management and documentation using ITSM tools (ServiceNow, Remedy).

+ Maintain high availability and disaster recovery readiness for PKI infrastructure.

+ Track and report on PKI service metrics, SLAs, KPIs, and KRIs to ensure operational excellence.

+ Develop and maintain SOPs, technical documentation, and training materials.

Preferred Skills:

+ Strong technical knowledge of:

+ Enterprise PKI Operations

+ Cryptographic Algorithms (symmetric/asymmetric)

+ Digital Signatures

+ Strong understanding of:

+ Compliance

+ Auditing

+ Key Management

+ Microsoft certifications (e.g., Azure Security Engineer, MCSA).

+ Knowledge of CA/B Forum, RFC 5280, RFC 6960 (OCSP).

+ Familiarity with containerized environments and Kubernetes certificate management.

+ Experience with Active Directory Certificate Services, GlobalSign, Sectigo, DigiCert, Keyfactor, OpenSSL, or other certificate management platforms.

+ Understanding of OCSP, CA, RA, CRL, and BYOK configurations.

+ Comprehensive understanding of the PKI/HSM ecosystem, including technology, standards, implementations, and migration strategies.

+ Experience with developing scripts for administrative and automation tasks.

+ Collaborate with other IT and Operational teams to integrate PKI solutions with existing systems/applications.

+ Monitor and troubleshoot PKI related issues.

+ Assist and educate users/administrators with certificate enabled applications, such as SSL/TLS, S/MIME, Code Signing, Smartcard, 802.1x, EAP-TLS, etc.

+ Drive technical discussions to understand digital certificate services requirements.

+ Maintain and enhance global solutions for the digital certificate area ensuring high availability and disaster recovery.

+ Knowledge of PKI Standards including X.509, CP/CPS, CA/Browser Forum Baseline Requirements.

ManpowerGroup is committed to providing equal employment opportunities in a professional, high quality work environment. It is the policy of ManpowerGroup and all of its subsidiaries to recruit, train, promote, transfer, pay and take all employment actions without regard to an employee's race, color, national origin, ancestry, sex, sexual orientation, gender identity, genetic information, religion, age, disability, protected veteran status, or any other basis protected by applicable law.