Microsoft Active Directory Public Key Infrastructure (AD PKI) Expert

United States - Remote

Position Summary:

We are seeking a Microsoft Active Directory Public Key Infrastructure (AD PKI) Expert for a short-term engagement to conduct a deep-dive discovery, analysis, and review of our existing PKI environment. The consultant will provide a detailed report on the current state, along with recommendations and options for migration, separation, and alternative on-premises or cloud-based architectures.

Key Responsibilities:

  • Deep-Dive PKI Discovery & Assessment:

    • Conduct a thorough review of the existing AD PKI infrastructure, including Certificate Authorities (CAs), Certificate Templates, CRL distribution, and Auto-Enrollment policies.
    • Analyze dependencies, security configurations, and compliance gaps.
    • Evaluate PKI integration with Active Directory, network services, and enterprise applications.
  • Analysis & Reporting:

    • Provide a detailed assessment report outlining the current PKI architecture, strengths, weaknesses, and risks.
    • Identify potential issues, security vulnerabilities, and areas for improvement.
    • Offer guidance on best practices for PKI security hardening and lifecycle management.
  • Migration & Separation Strategy:

    • Provide expert recommendations on PKI migration and separation strategies, considering:
      • Splitting PKI environments for multiple organizations or business units.
      • Migrating from on-premises to cloud-based PKI solutions (e.g., Microsoft Intune SCEP, AWS Private CA, or Azure Key Vault).
      • Transitioning from legacy PKI to a modern, scalable architecture.
    • Assess the impact of moving to cloud-native, hybrid, or third-party PKI solutions.
  • Future-State Architecture & Roadmap:

    • Design and present high-level architecture options tailored to business requirements.
    • Provide recommendations for governance, automation, and certificate lifecycle management.
    • Suggest enhancements for security, compliance, and resilience (e.g., HSM integration, CRL optimization, OCSP setup).

Qualifications & Skills:

  • Expert-level knowledge of Microsoft AD Certificate Services (AD CS), PKI design, implementation, and security best practices.
  • Experience with certificate lifecycle management, HSMs, and enterprise PKI solutions.
  • Strong understanding of certificate-based authentication, encryption, and digital signatures.
  • Hands-on experience in PKI migrations, separation strategies, and hybrid cloud PKI deployments.
  • Familiarity with cloud-based PKI alternatives, such as Microsoft Intune SCEP, AWS Private CA, or Azure Key Vault.
  • Experience with PowerShell scripting for automation of PKI-related tasks.
  • Knowledge of compliance frameworks (NIST, CIS, ISO 27001) and PKI security hardening techniques.
  • Relevant certifications (preferred): Microsoft Certified: Identity and Access Administrator, CISSP, CISM, or other security-related certifications.

Tags: Active Directory Automation AWS Azure CISM CISSP Cloud Compliance Encryption Governance ISO 27001 NIST PKI PowerShell Scripting Strategy Vulnerabilities

Regions: Remote/Anywhere North America
Country: United States
