Demo

PKI Engineer

Dunhill Professional Search & Government Solutions
Fairfax, VA Full Time
POSTED ON 4/21/2026
AVAILABLE BEFORE 5/20/2026

The PKI Engineer, designs, implements, and operates enterprise Public Key Infrastructure services that underpin secure authentication, encryption, and digital signatures across mission‑critical systems. The role serves as the primary technical authority for certificate lifecycle management, key management, and trust architectures spanning on‑premises and cloud environments. The engineer defines PKI standards, policies, and integration patterns for applications, devices, and identities, and leads troubleshooting, modernization, and automation initiatives to keep cryptographic services resilient, scalable, and audit‑ready in a highly regulated federal IT environment.


Key Responsibilities

  • Architect and maintain enterprise PKI solutions, including certificate authorities, registration authorities, OCSP/CRL distribution, and hardware security modules, ensuring high availability and crypto‑agility.
  • Oversee end‑to‑end certificate lifecycle management for users, services, devices, and workloads, including automated issuance, renewal, revocation, and inventory across hybrid and multi‑cloud environments.
  • Design PKI trust models and integration patterns for TLS/SSL, S/MIME, code signing, VPN, Wi‑Fi, and device authentication in support of zero‑trust access and strong identity assurance.
  • Implement and enforce PKI security policies, certificate policies, and certification practice statements, aligning configurations with applicable government and industry cryptographic standards.
  • Build PowerShell or Python automation, APIs, and tooling to streamline PKI operations, monitoring, key rotation, and compliance reporting at enterprise scale.
  • Lead incident response for certificate‑related outages or compromises, including rapid revocation, re‑issuance, key rotation, and coordination with security operations and incident response teams.
  • Collaborate with identity, network, and application security architects to embed PKI requirements into new platforms and remediate legacy or non‑compliant cryptographic implementations.
  • Guide risk assessments and audits focused on cryptographic controls, producing remediation roadmaps to address algorithm deprecation, weak ciphers, and end‑of‑life PKI components.

Required Qualifications

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field, or equivalent relevant experience.
  • 8 years of experience in cybersecurity engineering or closely related roles, including at least 5 years focused on PKI architecture and operations.
  • Strong background in cybersecurity, network security, and information systems, with deep understanding of standards‑based security architectures, identity services, and device profiling.
  • Demonstrated expertise with enterprise PKI platforms, certificate lifecycle management, hardware security modules, and related tooling across on‑prem and cloud environments.
  • Proficiency with automation and scripting (such as PowerShell or Python) to manage PKI operations, monitoring, and reporting at scale.
  • Excellent problem‑solving, analytical, communication, and interpersonal skills, with the ability to manage multiple initiatives and incident responses effectively.
  • Secret Clearance Required
  • U.S. citizenship required.
  • Less than 10% travel required.

Preferred Qualifications

  • Experience engineering PKI for large federal or defense environments, including integration with smart cards, PIV/CAC, and enterprise identity governance platforms.
  • Professional certifications such as CISSP, CCSP, or vendor PKI/cryptography credentials demonstrating advanced knowledge of applied cryptography and key management.
  • Experience leading cryptographic modernization programs (for example, algorithm migrations, key‑length upgrades, or post‑quantum‑readiness initiatives).
  • Familiarity with zero‑trust architectures and how PKI enables strong device, user, and service identity within those models.

Salary : $125,000 - $159,000

If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a PKI Engineer?

Sign up to receive alerts about other jobs on the PKI Engineer career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$73,120 - $92,318
Income Estimation: 
$91,158 - $113,466
Income Estimation: 
$139,945 - $168,577
Income Estimation: 
$164,835 - $201,088
Income Estimation: 
$135,994 - $168,063
Income Estimation: 
$161,209 - $233,553
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Dunhill Professional Search & Government Solutions

  • Dunhill Professional Search & Government Solutions Washington, DC
  • Case Specialist 1 Hybrid in Washington, DC **U.S Citizenship required** Works on programs/projects in support of varying government contracts. Performs a v... more
  • 14 Days Ago

  • Dunhill Professional Search & Government Solutions Reston, VA
  • Federal Network Support Shift Supervisor Location: Reston, VA Clearance: Active Secret Clearance Required Shifts: (1) Day, (1) Swing, and (1) Night (24x7 O... more
  • 16 Days Ago

  • Dunhill Professional Search & Government Solutions Atlanta, GA
  • **TS/SCI Full Scope Polygraph Security Clearance Required** We are seeking an experienced Customer Support Engineer to join our Microsoft operations team s... more
  • 16 Days Ago

  • Dunhill Professional Search & Government Solutions Baltimore, WA
  • The Identity Systems Compliance & Program Lead is responsible for ensuring that enterprise identity platforms and services meet all security, policy, and l... more
  • 1 Day Ago


Not the job you're looking for? Here are some other PKI Engineer jobs in the Fairfax, VA area that may be a better fit.

  • Leidos Quantico, VA
  • Description Leidos' Digital Modernization Sectoris seeking aJunior PKI Network Engineerto support staffing for theMarine Corps Cyber Operations Group (MCCO... more
  • 4 Days Ago

  • Leidos Quantico, VA
  • Description Leidos' Digital Modernization sector is seeking a PKI Network Engineer to support the Marine Corps Cyber Operations Group (MCCOG) Public Key In... more
  • 8 Days Ago

AI Assistant is available now!

Feel free to start your new journey!