PKI Specialist

Posted on June 9, 2026

Location

Hybrid (Monona, WI)
013627

Position Details

Full-Time

Job Summary

Beacon Technologies is seeking a Public Key Infrastructure (PKI) Specialist for our client partner. A PKI Specialist is responsible for building, securing, and operating the trust infrastructure that enables authentication, encryption, and identity across the enterprise. They combine deep technical knowledge with governance, risk management, and cross-team collaboration. It is maintaining, fixing, operational, troubleshooting, growing the environment. The PKI Specialist is responsible for designing, implementing, and maintaining the enterprise Public Key Infrastructure (PKI) and associated cryptographic services. This role ensures secure authentication, encryption, and digital signing across the organization. The PKI Specialist works closely with security, infrastructure, identity, and application teams to maintain a resilient, compliant, and scalable trust environment.

Key Responsibilities:

  • PKI Architecture & Operations
    • Manage enterprise Certificate Authorities (CAs), Registration Authorities (RAs), and related PKI components
    • Maintain root and subordinate CA hierarchies, including offline root operations
    • Oversee certificate lifecycle management: issuance, renewal, revocation, and auditing
    • Microsoft Active Directory Services
    • Operate and maintain Hardware Security Modules (HSMs) for secure key storage
    • Implement and manage certificate automation protocols (SCEP, ACME, CEP/CES)
  • Security & Compliance
    • Develop and maintain Certificate Policies (CP) and Certification Practice Statements (CPS)
    • Ensure compliance with NIST, ISO 27001, SOC2, and industry-specific regulatory requirements
    • Enforce cryptographic standards, key lengths, hashing algorithms, and crypto agility
    • Conduct regular PKI security assessments, audits, and risk reviews
    • Support incident response involving certificate failures or key compromise
  • Integration & Engineering
    • Integrate PKI services with enterprise systems including ADCS, identity platforms, network devices, cloud services, and applications
    • Support certificate-based authentication for users, devices, servers, and applications
    • Implement and maintain TLS/SSL, S/MIME, code signing, and document signing solutions
    • Collaborate with architects and developers to ensure secure design patterns involving certificates
  • Operations & Support
    • Monitor PKI health, performance, and certificate expiration across the environment
    • Troubleshoot certificate-related outages and service disruptions
    • Provide Tier 3 support for certificate issues across infrastructure and application teams
    • Maintain detailed documentation, runbooks, diagrams, and operational procedures
  • Strategic Initiatives
    • Lead PKI modernization efforts, including cloud PKI, automation, and certificate discovery tools
    • Prepare the organization for post-quantum cryptography and future cryptographic transitions
    • Drive improvements in certificate governance, automation, and lifecycle management
    • Contribute to Zero Trust initiatives through strong identity and device trust foundations

Required Qualifications:

  • 3–7+ years of experience in PKI, cryptography, or identity/security engineering
  • Strong knowledge of PKI concepts: CAs, RAs, CRLs, OCSP, key management, certificate templates
  • Hands-on experience with Microsoft ADCS, HSMs, and certificate automation tools
  • Deep understanding of TLS/SSL, S/MIME, code signing, and certificate-based authentication
  • Familiarity with NIST SP 800-57, 800-63, FIPS 140-2/3, and related standards
  • Experience with Windows Server, Active Directory, and enterprise IAM systems
  • Strong scripting skills (PowerShell preferred)

Preferred Qualifications:

  • Experience with cloud PKI (Azure Key Vault, AWS PCA, Venafi, AppViewX, Keyfactor, etc.)
  • Experience with one or more of the following: FISMA, CMS 912, NIST, SSAE18 or other security-focused audit practices.
  • Knowledge of Zero Trust architectures and device identity
  • Experience supporting large-scale enterprise certificate environments
  • Understanding of network security, firewalls, load balancers, and VPN technologies
  • CISSP, CCSP, Security+, or Microsoft security certifications

Soft Skills:

  • Strong analytical and problem-solving abilities
  • Excellent communication skills for cross-team collaboration
  • Ability to translate complex cryptographic concepts into practical guidance
  • High attention to detail and strong sense of ownership

 

About Beacon Technologies

Are you looking to advance your career in information technology? Beacon Technologies offers career advancement opportunities, extensive training, and excellent benefits including paying for health and dental premiums for salaried employees. In addition to providing interesting opportunities, Beacon Technologies provides that old fashioned, personal touch, so you feel like a part of the Beacon team.

Beacon Technologies, Inc. is an equal employment opportunity employer with a functioning Affirmative Action Plan. It is the policy of Beacon Technologies, Inc. to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, sex, sexual orientation, gender identity or expression, age, disability, marital status, citizenship, national origin, genetic information, ethnicity, ancestry, disability, medical condition, military and veteran status, or any other characteristic protected by law. Beacon Technologies, Inc. prohibits any such discrimination or harassment.