-
Summary
Senior PKI Engineer / SME
• Location: On-site at Joint Base Anacostia-Bolling (JBAB) • Clearance: Active TS
• Benefits: Medical, Dental, Vision, Retirement and more What This Job Feels Like
• Work centers on designing and maintaining trust models that other systems depend on, often with little margin for error. • Problems are rarely straightforward—solutions must account for vendor constraints, security requirements, and interoperability edge cases. • Ownership of PKI architecture and implementation from policy design through operational support. • High OPTEMPO; requires precision, persistence, and disciplined follow-through. What You'll Do
• Design and manage PKI architectures, including root/intermediate hierarchies, chains of trust, and certificate lifecycle processes. • Create and maintain segmented trust models (organizational partitions, cross-domain trust, constrained intermediates). • Generate and support certificates for diverse use cases, including handling vendor-specific constraints and non-standard requirements (e.g., wildcard usage, SAN configurations, custom extensions). • Troubleshoot certificate validation issues across systems, applications, and network boundaries. • Collaborate with systems, network, and application teams to ensure certificates function correctly within their environments. • Define and enforce certificate policies, revocation strategies (CRL/OCSP), and security controls. • Mentor engineers on PKI fundamentals and correct implementation practices. Tech Knowledge / Skills
• PKI fundamentals: X.509, certificate chains, trust stores, key management • Microsoft CA, OpenSSL, and other PKI tooling • TLS/SSL, mutual authentication, certificate-based access control • CRL, OCSP, revocation and lifecycle management • Integration points: web servers, load balancers, applications, network devices Requirements
• 8+ years experience in PKI, security engineering, or related systems roles in secure/cleared environments • Active TS; must be able to obtain TS/SCI • Professional certification required; expert-level capability preferred • Demonstrated ability to design and troubleshoot PKI systems across multiple platforms and vendors • Experience with complex trust models and real-world certificate interoperability challenges
• DoD 8140 compliance required -
Job Description
Senior PKI Engineer / SME
• Location: On-site at Joint Base Anacostia-Bolling (JBAB) • Clearance: Active TS
• Benefits: Medical, Dental, Vision, Retirement and more What This Job Feels Like
• Work centers on designing and maintaining trust models that other systems depend on, often with little margin for error. • Problems are rarely straightforward—solutions must account for vendor constraints, security requirements, and interoperability edge cases. • Ownership of PKI architecture and implementation from policy design through operational support. • High OPTEMPO; requires precision, persistence, and disciplined follow-through. What You'll Do
• Design and manage PKI architectures, including root/intermediate hierarchies, chains of trust, and certificate lifecycle processes. • Create and maintain segmented trust models (organizational partitions, cross-domain trust, constrained intermediates). • Generate and support certificates for diverse use cases, including handling vendor-specific constraints and non-standard requirements (e.g., wildcard usage, SAN configurations, custom extensions). • Troubleshoot certificate validation issues across systems, applications, and network boundaries. • Collaborate with systems, network, and application teams to ensure certificates function correctly within their environments. • Define and enforce certificate policies, revocation strategies (CRL/OCSP), and security controls. • Mentor engineers on PKI fundamentals and correct implementation practices. Tech Knowledge / Skills
• PKI fundamentals: X.509, certificate chains, trust stores, key management • Microsoft CA, OpenSSL, and other PKI tooling • TLS/SSL, mutual authentication, certificate-based access control • CRL, OCSP, revocation and lifecycle management • Integration points: web servers, load balancers, applications, network devices Requirements
• 8+ years experience in PKI, security engineering, or related systems roles in secure/cleared environments • Active TS; must be able to obtain TS/SCI • Professional certification required; expert-level capability preferred • Demonstrated ability to design and troubleshoot PKI systems across multiple platforms and vendors • Experience with complex trust models and real-world certificate interoperability challenges
• DoD 8140 compliance required -
ABOUT THE COMPANY
-
-
Government Careers
Show moreGovernment jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.
Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.
Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.
-