Senior PKI Engineer

Post Date

Feb 20, 2026

Location

Denver, Colorado

ZIP/Postal Code

80202
US
Apr 25, 2026 Insight Global

Job Type

Contract

Category

Security Engineering

Req #

DAL-63479aa2-1e30-48cc-8ca3-6e5bd8d84748

Pay Rate

$74 - $93 (hourly estimate)

Job Description

Insight Global is seeking a Senior PKI Engineer to join the Global Information Security (GIS) team at a Fortune 50 financial institution. The ideal candidate will design, implement, and operate enterprise-grade Public Key Infrastructure (PKI) services with a strong focus on Microsoft Active Directory Certificate Services (AD CS) and Active Directory (AD) integration. They will need to have hands-on implementation and integration knowledge of certificate lifecycle management, CA hierarchy governance, enrollment automation, HSM-backed key protection, CA backup/restore, migration, and integration with Windows Server, Linux, network/security devices, cloud providers, MDM/EDR, and zero-trust tools.
Key Responsibilities Include:
Architecture & Design
• Design and maintain enterprise PKI architectures including Root, Policy, and Issuing CAs.
• Integrate PKI with Active Directory, Entra ID, Intune/MDM, GPOs, and Azure AD.
• Develop certificate lifecycle policies including revocation and renewal.
• Implement HSM-backed key storage and disaster recovery designs.
Operations & Automation
• Own certificate lifecycle management including automation.
• Manage CRL and OCSP publication and availability.
• Implement scripting and automation using PowerShell and APIs.
• Operate and maintain secure PKI infrastructure.
Security & Compliance
• Apply strong key management practices and CA hardening baselines.
• Perform PKI risk assessments and access reviews.
• Lead incident response for PKI-related outages.
• Maintain compliance with NIST, CA/B Forum, and internal frameworks.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Required Skills & Experience

• 8+ years in Security Engineering or Identity Infrastructure.
• 5+ years hands-on with Microsoft AD CS and enterprise PKI.
• Deep knowledge of X.509, CRLs, OCSP, EKUs, RSA/ECC, SHA-2.
• Strong PowerShell, Python, or C# scripting and Windows Server administration skills.
• Experience with Linux PKI, TLS/SSL, VPN authentication.
• Azure PKI integrations and HSM experience (Thales, Entrust, nCipher).

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.