This role is significantly more specialized than the Full-Stack position. A Senior PKI (Public Key Infrastructure) Engineer with 10 years of experience is a "trust architect" for the enterprise.

Here is a detailed job description tailored for a Pune-based role, emphasizing the bridge between legacy infrastructure and modern cloud security.

Job Title : Senior PKI Engineer

Location : Pune, India (Hybrid/On-site)

Experience : 10+ Years

Domain : Cybersecurity / Infrastructure Security

Profile Summary :

We are seeking a seasoned Senior PKI Engineer with a decade of experience to lead the strategy, design, and implementation of our enterprise-wide Public Key Infrastructure. You will be the subject matter expert responsible for the entire certificate lifecycle-issuance, renewal, and revocation-ensuring the integrity of our digital trust model. The ideal candidate blends deep Windows System Engineering roots with modern Cloud KMS and automation expertise.

Key Responsibilities :

- Infrastructure Design : Create High-Level (HLD) and Detailed Technical Designs (DTD) for scalable PKI solutions integrated into global enterprise platforms.

- Certificate Lifecycle Management : Oversee end-to-end management of digital certificates using Venafi and Microsoft Certificate Services.

- System Engineering : Manage and maintain the health of the PKI ecosystem across Windows and Linux environments, including Active Directory and IIS.

- Automation & Scripting : Reduce manual overhead by developing robust automation scripts using PowerShell, Python, and Bash.

- Cloud Security Integration : Lead the migration or integration of on-premise PKI with Cloud-based KMS (AWS KMS, Azure Key Vault, or GCP KMS).

- Cross-Functional Networking : Collaborate with Network teams to ensure seamless certificate deployment across firewalls and load balancers (F5, Citrix, etc.).

- Compliance & Audit : Ensure all PKI practices align with industry standards and internal security policies, managing Root CAs and Subordinate CAs with highest security protocols.

Technical Requirements :

- Core PKI : 10+ years of hands-on experience with Microsoft Certificate Services (ADCS) and Venafi (Trust Protection Platform).

- Operating Systems : Advanced Windows System Engineering experience is a must, complemented by strong Linux administration skills.

- Directory Services : Deep expertise in Active Directory (GPOs, Kerberos, LDAP) as it relates to certificate enrollment and auto-enrollment.

- Scripting : Proficient in PowerShell (for Windows/AD automation) and Python/Bash (for cross-platform tasks).

- Cloud & KMS : Practical experience with Cloud Security architectures and managing keys within Cloud Key Management Services.

- Networking : Strong understanding of the OSI model, specifically how SSL/TLS interacts with Firewalls and Load Balancers.

Preferred Qualifications :

- Relevant certifications such as CISSP, CISM, or Microsoft Certified : Windows Server Hybrid Administrator Associate.

- Experience in high-security sectors (FinTech, Healthcare, or SaaS DMS).

- Proven track record of migrating legacy PKI environments to modern, automated platforms.