JD for Principal Engineer – PKI

The Principal Engineer will be responsible for creation of procedures, implementation of processes and development of staff for managing and maintaining security systems across internal and client environments. The Principal Engineer will work closely with Management, Senior Engineers, Solution Architects, Senior Security Engineers, other Principal Security Engineers and clients to complete high profile, critical services to existing Managed Security Service clients. Serve as a subject matter expert and team lead, staying in tune with all client configuration issues and all internal projects.

How You’ll Make an Impact

• Lead the design, implementation, and lifecycle management of enterprise PKI solutions using Venafi as the primary tool, along with KeyFactor and Sectigo.
• Architect and manage certificate issuance, renewal, revocation, and automation across hybrid environments.
• Collaborate with security, infrastructure, and application teams to ensure seamless integration of PKI services.
• Provide technical leadership in PKI strategy, governance, and compliance.
• Drive automation and scalability of certificate management processes.
• Conduct root cause analysis and remediation for PKI-related incidents.
• Evaluate and test new PKI technologies and upgrades.
• Maintain detailed documentation for PKI architecture, configurations, and operational procedures.

What We’re Looking For

• 10+ years of hands-on experience in PKI management, with deep expertise in Venafi and Sectigo
• Strong understanding of certificate lifecycle management, cryptographic protocols, and identity-based security.
• Experience with KeyFactor, Sectigo, and other PKI platforms is a plus.
• Familiarity with Microsoft Azure and cloud-based certificate management.
• Bachelor’s degree in Computer Science, Information Security, or related field.
• Relevant certifications such as CISSP, CISM, or CCSK are preferred.
• Excellent written and verbal communication skills.
• Ability to work independently and collaboratively in a fast-paced environment.
• Proven track record of delivering secure and scalable PKI solutions.
• Understanding of network architecture and implementation is a must; ideal candidate will have worked with network security analysis.
• Excellent time management, reporting, and communication skills.
• Superior IT problem-solving skills.
• Knowledge of Linux and Windows Operating Systems
• An understanding of a wide array of server grade applications such as: DBMS, Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, Identity Management, Patch Management, LDAP, SQL, and others
• Hands-on experience with automation using REST APIs and scripting languages (e.g., PowerShell, Python, Bash)
• This role demands the availability during US working hours (5 PM (IST) to 2 AM (IST))
• This role is a Work from Office role.

What you can expect from Optiv

• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)

EEO Statement

Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.

Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.