Mastech Digital is seeking an experienced Public Key Infrastructure (PKI) Engineer for a hands-on technical role. The successful candidate will be responsible for implementing, deploying, and managing PKI solutions, focusing on integrations with enterprise applications and managing machine identities.
Responsibilities:
- Design, deploy, configure, and manage highly available PKI solutions, with a primary focus on the Venafi Trust Protection Platform and DigiCert One within the client's environment
- Integrate PKI and certificate management solutions with a wide variety of the client's enterprise applications, cloud services, and DevOps pipelines
- Develop and implement strategies for effective machine identity and key lifecycle management, including discovery, creation, distribution, rotation, and revocation of cryptographic keys and digital certificates
- Configure, deploy, and manage Hardware Security Modules (HSMs) to secure critical cryptographic keys
- Implement and manage secure code signing processes to ensure the integrity and authenticity of the client's software
- Act as the subject matter expert for PKI-related issues, providing advanced troubleshooting for certificate-related incidents and integration failures
- Ensure that all PKI configurations and integrations adhere to the client's security standards and compliance requirements (e.g., NIST, ISO 27001)
- Work closely with client application owners, security architects, project managers, and other stakeholders to gather requirements and deliver robust PKI solutions
- Create and maintain detailed documentation of the PKI architecture, configurations, integrations, and operational processes for project deliverables
Requirements:
- PKI Expertise: Minimum of 3-5 years of hands-on experience with enterprise PKI solutions, with a demonstrated focus on certificate and machine identity lifecycle management. Specific, deep expertise with Venafi and DigiCert One is mandatory
- Security Fundamentals: Strong understanding of cryptographic concepts, PKI, and machine identity management principles
- Technical Protocols: In-depth knowledge of cryptographic protocols (TLS/SSL, S/MIME), certificate enrollment protocols (SCEP, EST), and directory services (Active Directory, LDAP)
- Technical Skills: Proven experience with integrating PKI solutions into enterprise applications, cloud platforms (AWS, Azure), and CI/CD pipelines. Familiarity with Hardware Security Modules (HSMs). Proficiency in PowerShell or other scripting languages for automation is necessary
- Problem-Solving: Excellent analytical and problem-solving skills, with the ability to troubleshoot complex technical issues in a project-based environment
- Communication: Strong written and verbal communication skills, with the ability to articulate complex technical concepts to both technical and non-technical stakeholders
- Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment
- Experience working in a professional services or consulting environment on client-facing projects
- Familiarity with other PKI and security tools (e.g., Microsoft AD CS, HashiCorp Vault, CyberArk)
- Relevant industry certifications (e.g., CISSP, CISM, or vendor-specific credentials)
- Understanding of ITIL processes for incident, change, and problem management