Senior PKI engineer
$92,700–$185,400 year
Remote · Texas, United States
Job Summary
Senior PKI Engineer responsible for designing, building, and operating the certificate lifecycle management infrastructure across CVS Health and Aetna. Responsibilities include PKI operations automation (PowerShell/Python), bulk operations via Venafi REST APIs, managing Digicert CA and certificate lifecycle, legacy CA decommissioning, Zero Trust alignment, audit readiness for HIPAA/PCI-DSS/SOX, and collaborating with network, application, and cloud teams to resolve certificate-related incidents and architecture reviews. Emphasis on automation, governance, and crypto-agility planning with experience across load balancers, CDNs, web servers, and cloud PKI integrations.
Required Qualifications
- 5+ years of hands-on PKI/CLM engineering experience in an enterprise environment
- Deep working knowledge of X.509 certificate standards, CA hierarchies, and certificate chain validation
- Production experience with at least one enterprise CLM platform: Venafi TPP, AppViewX, Keyfactor, or CyberArk
- Strong scripting/automation skills in PowerShell and/or Python, including REST API integration with CLM and CA platforms
- Hands-on experience with certificate provisioning to load balancers (F5 BIG-IP), CDNs (Akamai), web servers (IIS, Apache/Nginx), and cloud platforms (AWS ACM, Azure Key Vault)
- Solid understanding of TLS/SSL protocols, cipher suites, key exchange mechanisms, and certificate revocation (CRL/OCSP)
- Familiarity with ServiceNow, Jira, or equivalent ITSM/project tracking tools in a regulated enterprise environment
- Education: Bachelor’s degree or equivalent experience (Highschool diploma plus 4 years relevant work experience)
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.