Infojini Inc is seeking an experienced PKI and SSH Engineer to strengthen and accelerate delivery across their Cryptography, Identity, and Secure Access workstreams. The successful candidate will design, build, and operate PKI and SSH trust services while collaborating with various teams to ensure robust, scalable, compliant, and agile trust services.
Responsibilities:
- Design, implement, and operate enterprise PKI services using Venafi PKI/CLM and associated CA/HSM integrations
- Design and manage Venafi SSH Manager and implement modern SSH CA workflows for short-lived user, host, and workload SSH certificates
- Integrate PKI/CLM services with a variety of services and protocols, including: Azure Key Vault (and other CSP KMS) for certificate storage and workload identity; Intune / SCEP; Active Directory; Wi-Fi EAP-TLS / RADIUS; Kubernetes certificate and trust patterns (service mesh, workload identity, SPIFFE/SPIRE compatible models); and various pipeline / IaC tools and templates, including Terraform
- Engineer secure certificate issuance, renewal, rotation, and revocation, including fully automated CA and CLM workflows
- Support rollout of certificate based access controls across platforms, applications, and APIs
- Collaborate with PKI, SSH, and cryptography architects to translate high level trust and cryptographic patterns into detailed engineering designs
- Design secure trust controls for certificate issuance, key protection, certificate validation, OCSP/CRL management, and SSH certificate workflows
- Embed certificate, SSH, and key governance into CI/CD systems, including automatic issuance and renewal pipelines
- Build automation and tooling to streamline platform integration with Venafi PKI/CLM, Venafi SSH Manager, and cloud KMS services
- Conduct PKI/SSH assessments, identify vulnerabilities or misconfigurations, and recommend remediation
- Develop scalable key and certificate patterns (short-lived certificates, key rotation, envelope encryption, secure provisioning)
- Integrate PKI and SSH trust services with applications running on Kubernetes, hybrid cloud, and multi cloud environments
- Provide engineering guidance to platform, cloud, application development, infrastructure, and cyber security teams
- Function as subject-matter expert for PKI, SSH CA models, CA hierarchies, trust chains, key usage, ciphers, and protocol behaviours
- Troubleshoot certificate and SSH trust issues including OCSP failures, CA chain problems, TLS handshake issues, mTLS auth errors, key mismanagement, and SSH CA misconfiguration
- Support internal audit, risk, and compliance with evidence, design documentation, and deep dive technical insight
- Maintain engineering documentation, trust models, DLDs, runbooks, and operational processes
- Ensure PKI, SSH, and certificate lifecycle operations remain audit ready with appropriate evidence and process controls
- Contribute to trust, PKI, SSH, and Cryptographic Standards & Policies, ensuring consistent adoption across platforms
Requirements:
- Extensive hands-on experience as a PKI Engineer, SSH Engineer, operating Venafi PKI, CLM and Venafi SSH Manager (Trust Protection Platform) in an enterprise environment
- Strong understanding of CA hierarchies, certificate chains, X.509, CRLs, OCSP, mTLS, and TLS configurations
- Experience integrating PKI/SSH services with Azure Key Vault, AWS KMS, OpenSSH, Kubernetes and service mesh certificate architectures (mTLS, SPIFFE/SPIRE style identities)
- Proficiency with scripting and automation (Python, PowerShell, Bash, Go, JSON) and IaC tools (Azure DevOps, Terraform, Ansible)
- Experience modernising TLS certificate and SSH key management processes, uplifting protocol versions, and improving trust configurations
- Knowledge of SSH tooling, including OpenSSL, OpenSSH, and Cloud Provider TLS/CA integrations and KMS APIs
- Proven ability to produce high-quality low-level designs and operational documentation
- Minimum 5-8 years' experience
- Experience migrating from long-lived SSH keys to SSH CA certificate based authentication
- Experience implementing workload identity across cloud platforms using certificates or cloud KMS
- Strong understanding of NIST/FIPS standards and relevant IETF RFCs for PKI, TLS, and SSH
- Experience working within regulated industries (e.g., financial services, healthcare, public sector)
- Knowledge of crypto-agility strategies and CA agility patterns