Cybersecurity PKI Systems Administrator

United ITs
Chiva, Spain
16 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Remote
Chiva, Spain

Tech stack

User Authentication
Bash
Cloud Computing
Computer Security
Document Management Systems
Digital Signature
Multi-Factor Authentication
Hardware Security Module
Python
OAuth
Open Source Technology
OpenID
Public Key Infrastructure
PowerShell
Security Assertion Markup Language (SAML)
Shell Script
Systems Integration
Scripting (Bash/Python/Go/Ruby)
CyberArk

Job description

  • Manage and operate certificate lifecycle management processes, including issuance, renewal, revocation, replacement, auditing, and compliance tracking.
  • Integrate, configure, and maintain Certificate Management Systems (CMS) and enterprise-wide enrollment services.
  • Implement and maintain automation workflows for certificate management using ACME and other certificate automation protocols.
  • Operate and maintain PKI environments across hybrid cloud and on-prem infrastructures, including Microsoft CA, EJBCA, and other open-source or commercial PKI systems.
  • Manage Hardware Security Modules (HSMs), including key generation, protection, rotation, backup, and secure handling of cryptographic materials.
  • Support Identity Providers (IdPs) and authentication frameworks, enabling secure integration with SSO, MFA, federation protocols (SAML, OIDC, OAuth2), and certificate-based authentication.
  • Manage and enhance auto-enrollment mechanisms for certificates on servers, devices, applications, and user endpoints.
  • Develop automation scripts (PowerShell, Python) for certificate deployment, renewal workflows, system integrations, and reporting.
  • Support secure onboarding/offboarding of services requiring certificates, ensuring proper identity binding, policy enforcement, and trust-chain validation.
  • Understand and manage interactions with public Certification Authorities (CAs), including validation processes (DCV/OV/EV), documentation handling (CSRs, legal/organization proofs), issuance tracking, and compliance with CA/B Forum and vendor requirements.
  • Assist security operations by providing PKI expertise for incident response, including mis-issuance, certificate-related outages, or key compromise scenarios.
  • Maintain documentation of PKI architectures, baselines, approval workflows, system configurations, key ceremonies, and operational procedures to ensure consistency and business continuity.
  • Provide support for internal and external audits, including preparation of evidence related to certificate usage, access control, cryptographic operations, and compliance posture.
  • Contribute to the development of training and awareness materials to strengthen organizational understanding of PKI, secure authentication, and certificate management.

Requirements

Do you have experience in Shell Scripting?

  • Strong understanding and hands-on experience with federation protocols (SAML, OAuth2, OIDC), SSO models, IdP integrations, and identity brokering.
  • In-depth knowledge of Multi-Factor Authentication (MFA) and certificate-based authentication workflows, including integration with enterprise identity platforms.
  • Extensive experience with certificate-based authentication, encryption, digital signatures, and secure identity binding across enterprise environments.
  • Solid experience with PKI and certificate management systems such as EJBCA, Microsoft CA, and public Certification Authorities (Entrust, DigiCert, Sectigo), including validation processes (DCV/OV/EV) and associated documentation.
  • Strong knowledge of certificate lifecycle management, including issuance, renewal, revocation, CRLs/OCSP, enrollment protocols, trust-chain validation, and policy enforcement.
  • Practical experience with certificate automation protocols, including ACME and other automated enrollment mechanisms.
  • Proficiency in scripting and automation (PowerShell, Python, Bash) for certificate workflows, integrations, monitoring, and lifecycle orchestration.
  • Experience with Hardware Security Modules (HSMs) for secure key generation, lifecycle management, storage, and cryptographic operations.
  • Familiarity with Zero Trust principles relevant to identity assurance and certificate-driven access control.
  • Excellent communication, collaboration, and documentation skills.
  • Ability to work independently, proactively report progress, and operate with minimal supervision.

The resource SHOULD have the following skills and experience:

  • Experience with authentication and authorization processes that integrate certificate-based access models (e.g., policy-driven access, EKUs/Key Usage constraints, smartcard/PIV workflows).
  • Familiarity with credential vaulting or access control tools, such as CyberArk, in contexts where certificates or cryptographic keys are used for authentication.

Soft skills:

  • Customer-facing experience and oral communication skills
  • Ability to write documentation & reports
  • Creativity / ability to find innovative solutions
  • Willingness to learn on the job
  • Conflict management & cooperation
  • Attitude and willingness to pursue career growth

Teleworking Option:

  • Yes, fully remote if preferred.
