Sunrise Systems, Inc. is seeking a PKI Engineer to design, implement, and operate enterprise PKI services. The role involves collaborating with architects, integrating PKI services with various protocols, and automating certificate management processes.
Responsibilities:
- Design, implement, and operate enterprise PKI services using Venafi PKI/CLM and associated CA/HSM integrations
- Design and manage Venafi SSH Manager and implement modern SSH CA workflows for short-lived user, host, and workload SSH certificates
- Integrate PKI/CLM services with a variety of services and protocols, including: Azure Key Vault (and other CSP KMS) for certificate storage and workload identity; Intune / SCEP; Active Directory; Wi-Fi EAP-TLS / RADIUS; Kubernetes certificate and trust patterns (service mesh, workload identity, SPIFFE/SPIRE-compatible models); and various pipeline / IaC tools and templates, including Terraform
- Engineer secure certificate issuance, renewal, rotation, and revocation, including fully automated CA and CLM workflows
- Support rollout of certificate-based access controls across platforms, applications, and APIs
- Collaborate with PKI, SSH, and cryptography architects to translate high-level trust and cryptographic patterns into detailed engineering designs
- Design secure trust controls for certificate issuance, key protection, certificate validation, OCSP/CRL management, and SSH certificate workflows
- Embed certificate, SSH, and key governance into CI/CD systems, including automatic issuance and renewal pipelines
- Build automation and tooling to streamline platform integration with Venafi PKI/CLM, Venafi SSH Manager, and cloud KMS services
- Conduct PKI/SSH assessments, identify vulnerabilities or misconfigurations, and recommend remediation
- Develop scalable key and certificate patterns (short-lived certificates, key rotation, envelope encryption, secure provisioning)
- Integrate PKI and SSH trust services with applications running on Kubernetes, hybrid cloud, and multi-cloud environments