Type of Requisition:

Regular

Clearance Level Must Currently Possess:

None

Clearance Level Must Be Able to Obtain:

None

Public Trust/Other Required:

NACI (T1)

Job Family:

Cyber and IT Risk Management:

Job Qualifications:

Skills:

Cloud Integrations, Public Key Infrastructure (PKI) Operations, SSL Certificate Management

Certifications:

None

Experience:

10 + years of related experience

US Citizenship Required:

Yes

Job Description:

Position Summary

The Senior PKI Engineer is responsible for designing, implementing, securing, and maintaining enterprise Public Key Infrastructure (PKI) services that support mission-critical authentication, encryption, digital signature, and certificate lifecycle operations. This role requires a general understanding of PIV implementation in the government space.

Key Responsibilities

• Administer enterprise PKI systems, including Certificate Authorities (CAs), Online Certificate Status Protocol (OCSP) responders, Hardware Security Modules (HSMs), and certificate lifecycle service products.
• Deep understanding and application of PKCS standards.
• Implement PKI in hybrid or cloud-based environments such as Azure, AWS, and Google Cloud Platform (GCP).
• Manage and configure Microsoft Active Directory Certificate Services (ADCS).

Automation & Integration

• Support the automation of certificate issuance, renewal, monitoring, and compliance reporting processes.

Operations & Troubleshooting

• Provide Tier III support for PKI, certificate-based authentication, TLS/SSL, smart cards, and identity management systems.
• Troubleshoot issues such as certificate chain validation, revocation, OCSP/CRL failures, and integration challenges.
• Ensure high availability, redundancy, and disaster recovery readiness for PKI services.

Modernization & Emerging Technologies

• Support for post-quantum cryptography (PQC) transitions and compliance with emerging NIST standards.
• Integrate cost-efficient open-source cryptographic libraries and JRE/JDK solutions.
• Support zero-trust architecture strategies and cloud migration efforts.
• Explore and evaluate new technologies to enhance scalability, automation, and security.

Required Qualifications

• Education: Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent experience.
• **Experience:**7+ years of hands-on experience in PKI engineering, certificate services, and cryptographic system management.
• Deep expertise with:Microsoft Active Directory Certificate Services (ADCS)
• Various HSMs (Thales, Safe Net, AWS CloudHSM, etc.)
• OCSP/CRL infrastructure
• TLS/SSL, S/MIME, and device certificates
• Smart card and PIV/CAC authentication systems
• Strong understanding of:NIST standards (e.g., SP 800-57, 800-131A, 800-63)
• FIPS 140-2/3 compliance
• Cryptography and key algorithms (X.509, ASN.1, RSA/ECC/PQC)
• Proficiency in scripting/automation via PowerShell, Python, or Bash.
• Background in solving vulnerability management challenges and addressing POA&M items.
• Expertise in leading key ceremonies and managing cryptographic material securely.
• Technical Skills: Proficiency in networking, firewall rule implementations, and TLS/SSL troubleshooting.
• In-depth knowledge of Windows environments, including certificate installation for CAPI and diverse applications/appliances.
• Experience in SNMP monitoring, SIEM/syslog tools, and Docker troubleshooting.
• Familiarity with VPN solutions (e.g., Cisco Secure Client) and NAC protocols like 802.1X.

Preferred Qualifications

• Knowledge and experience with PQC migration and NIST PQC algorithm adoption.
• Familiarity with identity and access management (IAM/IAG) platforms, IDMS, and federation systems.
• Hands-on experience with cloud-native PKI solutions (e.g., Azure Key Vault, AWS ACM Private CA).
• Relevant certifications, such as:CISSP
• CCSP
• Security+
• Microsoft security certifications
• Experience in high-assurance or federal agency-regulated environments.

The likely salary range for this position is $124,093 - $142,706. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:

40

Travel Required:

None

Telecommuting Options:

Hybrid

Work Location:

USA VA Falls Church:

Additional Work Locations:

Total Rewards at GDIT:

Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Join our Talent Community to stay up to date on our career opportunities and events at
gdit.com/tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans