Senior PKI Engineer / SME
- Clearance: Active TS.
- Location: On-site at Joint Base Anacostia-Bolling (JBAB)
- Benefits: Medical, Dental, Vision, Retirement and more
- Certification: Professional required; Expert-level preferred
What This Job Feels Like
- Work centers on designing and maintaining trust models that other systems depend on, often with little margin for error.
- Problems are rarely straightforward—solutions must account for vendor constraints, security requirements, and interoperability edge cases.
- Ownership of PKI architecture and implementation from policy design through operational support.
- High OPTEMPO; requires precision, persistence, and disciplined follow-through.
What You’ll Do
- Design and manage PKI architectures, including root/intermediate hierarchies, chains of trust, and certificate lifecycle processes.
- Create and maintain segmented trust models (organizational partitions, cross-domain trust, constrained intermediates).
- Generate and support certificates for diverse use cases, including handling vendor-specific constraints and non-standard requirements (e.g., wildcard usage, SAN configurations, custom extensions).
- Troubleshoot certificate validation issues across systems, applications, and network boundaries.
- Collaborate with systems, network, and application teams to ensure certificates function correctly within their environments.
- Define and enforce certificate policies, revocation strategies (CRL/OCSP), and security controls.
- Mentor engineers on PKI fundamentals and correct implementation practices.
Tech Knowledge / Skills
- PKI fundamentals: X.509, certificate chains, trust stores, key management
- Microsoft CA, OpenSSL, and other PKI tooling
- TLS/SSL, mutual authentication, certificate-based access control
- CRL, OCSP, revocation and lifecycle management
- Integration points: web servers, load balancers, applications, network devices
Requirements
- 8+ years experience in PKI, security engineering, or related systems roles in secure/cleared environments
- Active TS; must be able to obtain TS/SCI
- Professional certification required; expert-level capability preferred
- Demonstrated ability to design and troubleshoot PKI systems across multiple platforms and vendors
- Experience with complex trust models and real-world certificate interoperability challenges
- DoD 8140 compliance required
- The likely salary range for this position is $140,000-$250,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, and contractual agreements and could fall outside of this range.
Pay: $140,000.00 - $250,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Flexible spending account
- Health insurance
- Life insurance
- Paid time off
- Retirement plan
- Vision insurance
Security clearance:
Work Location: In person