Job Details

We are seeking a high-caliber Senior PKI Architect to lead the strategic design, implementation, and long-term management of a global, enterprise-level Public Key Infrastructure. This is a critical security role responsible for ensuring high availability and scalability across a complex, multi-national environment. You will drive the adoption of emerging cryptographic technologies and serve as the primary subject matter expert for all certificate lifecycle initiatives.

Core Responsibilities
• Architecture & Deployment: Lead the design and rollout of Microsoft Active DirectoryCertificate Services (AD CS) components, including CAs, Online Responders (OCSP), CRLs, and NDES.
• Lifecycle Management: Oversee the full certificate lifecycle using advanced CLM platforms and Hardware Security Modules (HSMs).
• Automation & DevOps: Develop and maintain automation scripts (PowerShell, Python) to streamline certificate issuance, revocation, and monitoring within a DevOps framework.
• Strategic Integration: Collaborate with Product Owners and IT Security teams to integrate PKI solutions into diverse applications, ensuring robust secure communication protocols.
• Tier 3 Technical Leadership: Act as the final escalation point for complex PKI and Certificate Management incidents, performing deep-dive root cause analysis and permanent remediation.
• Security & Compliance: Conduct comprehensive risk assessments and develop mitigation strategies to ensure alignment with global industry regulations and internal security standards.
• Innovation: Research emerging cryptographic trends and implement Proof of Concepts (PoCs) to keep the infrastructure resilient against modern threats.

Required Qualifications & Experience
Technical Expertise:
• 10+ years of hands-on experience with Microsoft AD CS (or equivalent) including design, deployment, and troubleshooting of CAs and NDES.
• 3+ years of expert-level experience with CLM platforms (e.g., Venafi, AppViewX, Keyfactor) and HSMs (e.g., Thales, nCipher, Utimaco).
• 5+ years of experience leading complex PKI projects from ideation through to global launch in a large-scale enterprise.
Skills & Professional Background:
• Strong proficiency in PowerShell for AD CS administration; Python experience is a significant plus.
• Proven experience working within Agile/Scrum methodologies and standardized project delivery frameworks.
• Deep understanding of modern operating systems (Windows/Linux), SQL databases, and functional testing methodologies.
• Bachelor's or Master's degree in Computer Science, Information Security, or a related technical field.
Certifications (Preferred):
• CISSP, SANS GIAC (GSEC, GCWN), or Microsoft Certified: Azure Security Engineer Associate.
Soft Skills
• Ability to translate complex technical requirements into clear documentation (design specs, operational procedures).
• A "Standard Work" mindset focused on problem-solving, safety, and operational excellence.
• Exceptional communication skills for responding to organizational inquiries regarding cryptographic requirements.

Equal Opportunity Employer / Disabled / Protected Veterans

The Know Your Rights poster is available here:


The pay transparency policy is available here:
English_formattedESQA508c.pdf

For temporary assignments lasting 13 weeks or longer, AllSTEM Connections is pleased to offer major medical, dental, vision, 401k and any statutory sick pay where required.

We are committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please contact your staffing representative who will reach out to our HR team.

AllSTEM Connections participates in the E-Verify program in certain locations as required by law. Learn more about the E-Verify program.


We also consider for employment qualified applicants regardless of criminal histories, consistent with legal requirements, including, if applicable, the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance. Pursuant to applicable state and municipal Fair Chance Laws and Ordinances, we will consider for employment-qualified applicants with arrest and conviction records, including, if applicable, the San Francisco Fair Chance Ordinance. For Los Angeles, CA applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Additional Skills

(none specified)

AllSTEM Representative Contact Info

Account Executive:

IN HOUSE

Branch Phone:

(909) ###-####

Location:

Houston, TX