PKI Lead - Bangalore

Roles & Responsibility:

• Lead the design, implementation, and maintenance of Microsoft Active Directory Certificate Services (ADCS) including Root CA, Issuing CAs, CRL Distribution Points

(CDPs), and OCSP responders.

• Administer and support NDES and SCEP gateway integration with mobile device management (MDM) platforms like Microsoft Intune.

• Manage certificate lifecycle management (CLM) processes for internal and external certificates including automation, monitoring, and renewal workflows.

• Design and enforce policies around certificate issuance, revocation, and renewal to align with organizational security and compliance standards.

• Ensure CRL and OCSP infrastructure availability and redundancy across hybrid environments.

• Work with application teams to integrate TLS/SSL certificates securely for web servers, APIs, IoT devices, and internal services.

• Implement robust data security controls, encryption standards, and digital signature enforcement using PKI.

• Collaborate with compliance and audit teams for regulatory reporting and encryption feasibility assessments.

• Maintain documentation, configuration baselines, and DR plans for PKI infrastructure.

Skills Required:

• Experience 8+ years of experience in PKI implementation and operations.

• Deep knowledge and hands-on experience with Microsoft ADCS, including

Standalone and Enterprise CAs. Strong expertise in NDES, SCEP, and integration with mobile or endpoint management solutions.

• Experience in managing CRL Distribution Points, OCSP responders, and AIA

locations.

• Proficiency in certificate lifecycle automation, PowerShell scripting, and use of tools

like certreq, certutil, or third-party CLM platforms.

• Understanding of cryptographic protocols, X.509 standards, and certificate-based authentication.

• Working knowledge of data security concepts, including encryption at rest/in transit,

key management, and regulatory compliance (e.g., DORA, GDPR, HIPAA).

• Experience in troubleshooting complex PKI issues across distributed environments.

• Experienced with HSM (Hardware Security Modules) and key protection strategies.

• Exposure to Cloud PKI or migration from on-prem PKI to cloud-native certificate services. Knowledge of Intune integration with NDES/SCEP for certificate delivery to mobile endpoints.

• Technical Skills PKI Implementation and deployment. Certification Authentication, Certification management, NDES, SCEP, ADCS, CDPs, OCSP etc.