PKI Engineer

Title :PKI Engineer

Experience :8 yrs - 12 yrs

Notice Period :Immediate to 7 days

About the Role

hands-on PKI & CLM Engineer

Key Responsibilities

• Administer and maintain the

  AppViewX CLM platform

  , including workflow design, connector integrations, and policy management.
• Operate and maintain the

  Microsoft ADCS (Windows CA)

  infrastructure and its integration with Thales HSM.
• Design, implement, and optimize

  certificate issuance, renewal, and rotation workflows

  , driving automation and reducing manual approvals.
• Integrate AppViewX with

  load balancers, web servers, and application endpoints

  (F5, NGINX, IIS, Apache etc.) for automated certificate deployment.
• Maintain secure key storage, key backup, and lifecycle operations within

  Thales HSM

  .
• Develop automation scripts (PowerShell, Python, REST API) to streamline certificate lifecycle tasks and reporting.
• Enforce

  PKI security policies, templates, and compliance controls

  (naming standards, validity, algorithms, FIPS 140-3, NIST 800-57).
• Troubleshoot certificate-related incidents and coordinate with DevOps, network, and application teams to resolve deployment or renewal issues.
• Provide operational metrics and assist in defining the

  enterprise CLM maturity roadmap

  .
• Contribute to continuous improvement of certificate governance, risk scoring, and audit readiness.

• Required Skills & Experience

Skill

Description

AppViewX CLM Administration

Expert-level configuration, policy, and automation workflow experience.

PKI Administration (Microsoft ADCS)

Hands-on with templates, CRL/OCSP, enrollment, and subordinate CA management.

HSM Operations (Thales Luna Series)

Key generation, partition management, and PKCS#11 integration.

Certificate Deployment Automation

Integration with servers, load balancers, and app gateways for end-to-end automation.

Scripting & Workflow Automation

PowerShell, Python, or AppViewX Automation Studio experience for CLM automation.

Cryptography & TLS Protocols

Strong grasp of RSA/ECC, CSR signing, SHA algorithms, CRL/OCSP, and mTLS.

Policy & Compliance Enforcement

Apply enterprise PKI standards and ensure adherence to CA/B Forum, NIST, FIPS guidelines.

Troubleshooting & RCA

Analyze CA/AppViewX/HSM logs for failed issuance or renewal flows.

Cross-Team Collaboration

Partner with DevOps, App, and Network teams; track via ServiceNow / Jira.

CLM Maturity Improvement

Assess current posture, identify automation gaps, and deliver roadmap execution.

Nice-to-Have

• Familiarity with

  ACME-based automation

  and

  container/Kubernetes certificate rotation

  .
• Exposure to

  Zero Trust / mTLS enablement

  and

  identity federation (AD, Azure AD)

  .
• Experience with

  Venafi, Keyfactor, or Sectigo CLM

  tools.