PKI Architect

Title: PKI Architect

Experience: 10+ years

Role Summary

The PKI Architect is responsible for the strategic design, implementation, and governance of the enterprise Public Key Infrastructure (PKI). This role ensures the confidentiality, integrity, and availability of cryptographic services, certificate lifecycle management, and trust frameworks across the organization. The architect collaborates with cross-functional teams to maintain compliance, operational resilience, and alignment with industry standards.

Key Responsibilities

• Design and maintain enterprise PKI architecture, including CA hierarchy, trust models, certificate policies, and security controls.
• Manage Certificate Authority (CA) and Registration Authority (RA) operations, including certificate issuance, renewal, revocation, and lifecycle management.
• Implement and govern cryptographic standards, key management procedures, HSM integrations, OCSP, CRL distribution, and offline root CA security.
• Integrate PKI solutions with enterprise platforms such as IAM, TLS/SSL, cloud platforms, MDM, IoT devices, and internal applications.
• Conduct risk assessments, support audit and compliance activities, and develop PKI governance documentation, CP/CPS policies, and operational procedures.

Skills Required

• Strong expertise in PKI architecture, cryptographic systems, X.509 certificates, PKCS standards, OCSP, CRL, and secure key lifecycle management.
• Hands-on experience with enterprise PKI platforms, HSMs, Certificate Lifecycle Management (CLM) tools, and CA/RA operations.
• Solid understanding of cybersecurity and compliance frameworks including NIST 800-53, ISO 27001/27002, and cryptographic governance standards.
• Proficiency in automation and scripting using PowerShell, Python, or Shell scripting for PKI operations and process automation.
• Strong analytical, risk assessment, troubleshooting, and cross-functional collaboration skills in enterprise security environments.

Please drop your CV to ***email_hidden***