Posted on: 17/11/2025
Description :
Title : PKI Engineer
Experience : 7 yrs to 12 yrs
Location : Remote
About the Role :
We are seeking a hands-on PKI & CLM Engineer to strengthen our enterprise certificate management posture. Our environment includes AppViewX CLM, Microsoft AD Certificate Services, and Thales HSM.
This role will be 90% focused on AppViewX automation, integrations, and lifecycle management and 10% on Windows CA administration and HSM maintenance.
You'll own the day-to-day operation of certificate issuance, renewal, rotation, and deployment, and help take our certificate governance from a low-to-medium maturity level to a fully automated enterprise service.
Key Responsibilities :
- Administer and maintain the AppViewX CLM platform, including workflow design, connector integrations, and policy management.
- Operate and maintain the Microsoft ADCS (Windows CA) infrastructure and its integration with Thales HSM.
- Design, implement, and optimize certificate issuance, renewal, and rotation workflows, driving automation and reducing manual approvals.
- Integrate AppViewX with load balancers, web servers, and application endpoints (F5, NGINX, IIS, Apache, etc.) for automated certificate deployment.
- Maintain secure key storage, key backup, and lifecycle operations within Thales HSM.
- Develop automation scripts (PowerShell, Python, REST API) to streamline certificate lifecycle tasks and reporting.
- Enforce PKI security policies, templates, and compliance controls (naming standards, validity, algorithms, FIPS 140-3, NIST 800-57).
- Troubleshoot certificate-related incidents and coordinate with DevOps, network, and application teams to resolve deployment or renewal issues.
- Provide operational metrics and assist in defining the enterprise CLM maturity roadmap.
- Contribute to continuous improvement of certificate governance, risk scoring, and audit readiness.
Required Skills & Experience :
Skill : Description
- AppViewX CLM Administration: Expert-level configuration, policy, and automation workflow experience.
- PKI Administration (Microsoft ADCS): Hands-on with templates, CRL/OCSP, enrollment, and subordinate CA management.
- HSM Operations (Thales Luna Series): Key generation, partition management, and PKCS#11 integration.
- Certificate Deployment Automation: Integration with servers, load balancers, and app gateways for end-to-end automation.
- Scripting & Workflow Automation: PowerShell, Python, or AppViewX Automation Studio experience for CLM automation.
- Cryptography & TLS Protocols: Strong grasp of RSA/ECC, CSR signing, SHA algorithms, CRL/OCSP, and mTLS.
- Policy & Compliance Enforcement: Apply enterprise PKI standards and ensure adherence to CA/B Forum, NIST, FIPS guidelines.
- Troubleshooting & RCA: Analyze CA/AppViewX/HSM logs for failed issuance or renewal flows.
- Cross-Team Collaboration: Partner with DevOps, App, and Network teams; track via ServiceNow / Jira.
- CLM Maturity Improvement: Assess current posture, identify automation gaps, and deliver roadmap execution.
Nice-to-Have :
- Familiarity with ACME-based automation and container/Kubernetes certificate rotation.
- Exposure to Zero Trust / mTLS enablement and identity federation (AD, Azure AD).
- Experience with Venafi, Keyfactor, or Sectigo CLM tools.
Posted in : CyberSecurity
Functional Area : IT Infrastructure Services
Job Code : 1576375