Job Title: PKI Architect

Location: Lodi, CA//Sunnyvale, CA

Duration: Long term

Job Summary:

We are seeking a highly skilled PKI Architect to lead the design,implementation, and management of enterprise Public Key Infrastructuresolutions. The ideal candidate will have deep expertise in cryptographictechnologies, certificate lifecycle management, and secure key managementpractices, with a strong understanding of enterprise security architecture.

Key Responsibilities:

Design and architect scalable PKI solutions to support enterprisesecurity requirements.

Lead the implementation and integration of PKI systems withidentity management, authentication, and secure communications platforms.

Define and enforce certificate policies, key usage standards, andlifecycle management processes.

Manage root and subordinate Certificate Authorities (CAs),including hardware security modules (HSMs).

Ensure compliance with industry standards and regulatoryrequirements (e.g., NIST, ISO, GDPR).

Collaborate with cybersecurity, infrastructure, and applicationteams to integrate PKI into broader security architecture.

Conduct risk assessments and recommend improvements to PKI-relatedprocesses and technologies.

Provide technical leadership and mentoring to engineering teams onPKI best practices.

Required Skills & Qualifications:

Bachelor’s or Master’s degree in Computer Science, InformationSecurity, or related field.

7+ years of experience in cybersecurity, with at least 3 yearsfocused on PKI architecture and implementation.

Strong understanding of cryptographic protocols (TLS/SSL, S/MIME,IPsec), certificate formats (X.509), and key management.

Experience with PKI tools and platforms (e.g., Microsoft AD CS,Venafi, DigiCert, Entrust, Keyfactor).

Familiarity with HSMs, smart cards, and secure key storagesolutions.

Knowledge of identity and access management (IAM) and integrationwith PKI.

Excellent problem-solving, documentation, and communicationskills.

Preferred Qualifications:

Certifications such as CISSP, CISM, or vendor-specific PKIcertifications.

Experience with cloud-based PKI solutions (AWS CertificateManager, Azure Key Vault).

Knowledge of DevSecOps practices and automation of certificatemanagement.