Description
Description
The Senior PKI Engineer will support implementation and design of DOT's refresh solution, KeyFactor, and The candidate will support implementation and design services for Microsoft Active Directory certificate services and KeyFactor. The candidate will serve as subject matter expert for PKI, smart card authentication, and identity services for the Active Directory Services Team for on-premises Active Directory, and Entra ID. The candidate will provide support for Windows-based systems across the enterprise, including directory and identity management solutions. Resolves and appropriately completes assigned tasks and change requests and acts as an escalation for support issues. Applies new solutions through research and collaboration with team and determines course of action for new application initiatives. Implements new software solutions as required by the business. The core infrastructure technology duties include enterprise Microsoft Active Directory, Microsoft Certificate Services, policy configuration, and top-level support for enterprise-wide initiatives.
Job Description and Duties
- Minimum two-days per week onsite requirement at DOT HQ, Washington DC.
- Once every 2-3 months support server infrastructure in a 24x7 on-call escalation capacity as part of a team rotation.
- Provide enterprise-level support for Active Directory for global initiatives following those through to implementation via collaboration with project and support teams.
- Lead point of contact for certificate services including issuances, renewals, and management functions; maintain Certificate life-cyle and on-demand and periodic reporting on enterprise and solution certificate status.
- Research, evaluate, and provide solution recommendations for current PKI capability and opportunities for enhancements.
- Support engineering, design, implementation, and operations support of PKI-solution.
- Serves as escalation point for PKI and active directory support and troubleshooting, provides guidance and direction in resolution of escalated issues and/or complex production, application, or system problems.
- Create and maintain system documentation for domain and PKI technologies, including installation, configuration, and appropriate troubleshooting steps.
- Improve existing processes through solutions to recurring problems and enhancements to existing solutions or documentation.
- Perform daily system monitoring, verifying the integrity and availability of all hardware, server resources, systems, and key processes, reviewing system and application logs, and verifying completion of scheduled jobs.
- Install, configure, and maintain Active Directory and third-party software utilities for hardware systems within company operational guidelines.
- Create and maintain system documentation for domain technologies, including installation, configuration, and appropriate troubleshooting steps.
- Improve existing processes through solutions to recurring problems and enhancements to existing solutions or documentation.
- Provide training as required.
- Maintain and update environmental documentation, standard Operating Procedures, and engineering documentation.
- Collaborate with Lead to identify, assess, and present solution options for meeting the functional and technical requirements, which may include hardware and/or software.
- Performs security hardening, patching and server certificate updates.
- Develops documentation for System Installation Plans and System Administration Guide
- Perform other tasks as directed by Lead Engineers or Project Manager.
Qualifications
Required Education and Experience:
· Must have extensive knowledge of multi-vendor server operating systems.
· Must have extensive experience and expertise with KeyFactor including implementation, operations, and maintenance.
· Must have knowledge of multiple certificate technologies including Entrust/Sectigo, SSL.com, DigiCert, etc.
· Demonstrated experience in all aspects of enterprise Windows environment operations and maintenance (O&M) and engineering.
· Active Directory architecture and management [expert-level]
· PKI, HSM's, PIV cards, Smart Cards [expert-level]
· Multi-Factor Authentication- Active Directory Federation Services (ADFS), SAML, SSO [expert-level]
· Knowledge in creating, administering, and troubleshooting Group Policies (GPOs) [expert-level]
· Windows Certificates Services Management [expert-level]
· Scripting Experience: PowerShell and VBScript, and/or other scripting experience [senior level]
· Windows Server Operating Systems (Server 2016 to 2022) [expert-level]
· Develops security standards and controls per DISA STIGS and CISA requirements [senior level]
· Experience with performing root cause analysis, risk identification, and risk mitigation
· Interpersonal skills including the ability to collaborate effectively.
· Demonstrated experience in a fast tempo ITSM support environment.
Preferred skills and qualifications:
· Expert level experience with Azure Active Directory
· Microsoft Certification(s) including Windows Server Hybrid Administrator Associate, Endpoint Administrator Associate, Azure Fundamentals, Azure Administrator Associate, MS365 Certified Administrator Expert, MCSE/MCSA (retired)
· Cloud certification including AWS/Azure Solution Architect, AWS SysOps Administrator
· Ansible experience is a plus.
· Any additional professional IT or Project Management certifications.
· Knowledge of KeyFactor-PKI preferred.
· Knowledge of SailPoint and/or CyberArk preferred.
· Strong experience with Windows Failover Clustering, and HA/DR planning and execution
Note: Candidate must be a U.S. citizen or green card holder who has resided in the U.S. for at least 3 years and the ability to obtain a public trust.
Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC accepts applications on an ongoing basis and there is no deadline.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
Apply on company website
Find Connections via Linkedin
