Capgemini Government Solutions LLCVerified Employer
Business Services & Consulting • all cities, AZ 4
PKI/PKE Engineer (4)
all cities, AZ 4On-sitePosted just now
Business Services & Consulting
About the Role
PKI/PKE Engineer
Capgemini Government Solutions (CGS) LLC is seeking a PKI/PKE Engineer to support mission-critical government clients.The ideal candidate will collaborate with a high-performing team, engage with a broad range of stakeholders, and play a key role in expanding CGS capabilities while continuing to grow their technical and consulting expertise.PKI/PKE Engineer will be tasked to design, implement, and operate systems that enable secure digital identity and data confidentiality.
This role serves as the technical lead for Certificate Authorities (CAs), Hardware Security Modules (HSMs), and the integration of encryption services across enterprise workflows.
Responsibilities:
Architect and maintain multi-tier Certificate Authority hierarchies (Root, Subordinate, and Issuing CAs) using Microsoft ADCS, Entrust, or DigiCert.
Enable applications (Web, Mobile, IoT) to use certificates for S/MIME email encryption, TLS/SSL, and 802.1X network authentication.
Implement and manage Certificate Lifecycle Management (CLM) tools like Venafi, Keyfactor, or AppViewX to automate renewals and prevent outages.
Manage the physical and logical lifecycle of Hardware Security Modules (HSMs) such as Thales/nCipher or Utimaco.
Draft and enforce the Certificate Policy (CP) and Certification Practice Statement (CPS) to ensure legal and regulatory compliance (e.g., FIPS 140-2/3).
Lead the transition to Post-Quantum Cryptography (PQC) algorithms to protect against "harvest now, decrypt later" threats.
Act as the SME for certificate-related outages, compromised keys, or emergency revocation (CRL/OCSP) procedures.
Requirements:
Minimum of 3+ years of progressive experience in PKI/PKE administration
Bachelor's degree in computer science, or a related field.
Deep understanding of asymmetric/symmetric encryption, hashing algorithms (SHA-256/384), and protocols (OCSP, SCEP, EST, CMP).
Proficiency in PowerShell, Python, or OpenSSL for automating certificate requests and inventorying.
Familiarity with X.509, NIST SP 800-53/175, and RFC 5280.
Ability to obtain Secret level government security clearance / Active clearance preferred
Ability to obtain CompTIA Security+ / Active certification preferred
PKI/PKE Engineer
Capgemini Government Solutions (CGS) LLC is seeking a PKI/PKE Engineer to support mission-critical government clients.The ideal candidate will collaborate with a high-performing team, engage with a broad range of stakeholders, and play a key role in expanding CGS capabilities while continuing to grow their technical and consulting expertise.PKI/PKE Engineer will be tasked to design, implement, and operate systems that enable secure digital identity and data confidentiality.
This role serves as the technical lead for Certificate Authorities (CAs), Hardware Security Modules (HSMs), and the integration of encryption services across enterprise workflows.
Responsibilities:
Architect and maintain multi-tier Certificate Authority hierarchies (Root, Subordinate, and Issuing CAs) using Microsoft ADCS, Entrust, or DigiCert.
Enable applications (Web, Mobile, IoT) to use certificates for S/MIME email encryption, TLS/SSL, and 802.1X network authentication.
Implement and manage Certificate Lifecycle Management (CLM) tools like Venafi, Keyfactor, or AppViewX to automate renewals and prevent outages.
Manage the physical and logical lifecycle of Hardware Security Modules (HSMs) such as Thales/nCipher or Utimaco.
Draft and enforce the Certificate Policy (CP) and Certification Practice Statement (CPS) to ensure legal and regulatory compliance (e.g., FIPS 140-2/3).
Lead the transition to Post-Quantum Cryptography (PQC) algorithms to protect against "harvest now, decrypt later" threats.
Act as the SME for certificate-related outages, compromised keys, or emergency revocation (CRL/OCSP) procedures.
Requirements:
Minimum of 3+ years of progressive experience in PKI/PKE administration
Bachelor's degree in computer science, or a related field.
Deep understanding of asymmetric/symmetric encryption, hashing algorithms (SHA-256/384), and protocols (OCSP, SCEP, EST, CMP).
Proficiency in PowerShell, Python, or OpenSSL for automating certificate requests and inventorying.
Familiarity with X.509, NIST SP 800-53/175, and RFC 5280.
Ability to obtain Secret level government security clearance / Active clearance preferred
Ability to obtain CompTIA Security+ / Active certification preferred
What You'll Do
Architect and maintain multi-tier Certificate Authority hierarchies (Root, Subordinate, and Issuing CAs) using Microsoft ADCS, Entrust, or DigiCert.
Enable applications (Web, Mobile, IoT) to use certificates for S/MIME email encryption, TLS/SSL, and 802.1X network authentication.
Implement and manage Certificate Lifecycle Management (CLM) tools like Venafi, Keyfactor, or AppViewX to automate renewals and prevent outages.
Manage the physical and logical lifecycle of Hardware Security Modules (HSMs) such as Thales/nCipher or Utimaco.
Draft and enforce the Certificate Policy (CP) and Certification Practice Statement (CPS) to ensure legal and regulatory compliance (e.g., FIPS 140-2/3).
Lead the transition to Post-Quantum Cryptography (PQC) algorithms to protect against "harvest now, decrypt later" threats.
