PKI/PKE Engineer

Capgemini Government Solutions (CGS) LLC is seeking a PKI/PKE Engineer to support mission-critical government clients. This role involves designing, implementing, and operating systems that enable secure digital identity and data confidentiality, while serving as the technical lead for Certificate Authorities and encryption services integration across enterprise workflows.

Responsibilities:

• Architect and maintain multi-tier Certificate Authority hierarchies (Root, Subordinate, and Issuing CAs) using Microsoft ADCS, Entrust, or DigiCert
• "Enable" applications (Web, Mobile, IoT) to use certificates for S/MIME email encryption, TLS/SSL, and 802.1X network authentication
• Implement and manage Certificate Lifecycle Management (CLM) tools like Venafi, Keyfactor, or AppViewX to automate renewals and prevent outages
• Manage the physical and logical lifecycle of Hardware Security Modules (HSMs) such as Thales/nCipher or Utimaco
• Draft and enforce the Certificate Policy (CP) and Certification Practice Statement (CPS) to ensure legal and regulatory compliance (e.g., FIPS 140-2/3)
• Lead the transition to Post-Quantum Cryptography (PQC) algorithms to protect against "harvest now, decrypt later" threats
• Act as the SME for certificate-related outages, compromised keys, or emergency revocation (CRL/OCSP) procedures

Requirements:

• Minimum of six years of progressive experience in PKI/PKE administration
• Bachelor's degree in computer science, or a related field
• Deep understanding of asymmetric/symmetric encryption, hashing algorithms (SHA-256/384), and protocols (OCSP, SCEP, EST, CMP)
• Proficiency in PowerShell, Python, or OpenSSL for automating certificate requests and inventorying
• Familiarity with X.509, NIST SP 800-53/175, and RFC 5280
• Ability to obtain Secret level government security clearance / Active clearance preferred
• Ability to obtain CompTIA Security+ / Active certification preferred