PKI Specialist

Job Title Options: PKI Specialist

Location: Regina, Saskatchewan, Canada

Job Summary:

We are seeking a skilled and experienced Public Key Infrastructure (PKI) Professional with a strong focus on Certificate Lifecycle Management to join our Information Security team in Regina, Saskatchewan. This role is critical to maintaining the security and integrity of our digital landscape by ensuring the reliable operation and robust security of our internal and external PKI services. The successful candidate will be responsible for the day-to-day management, maintenance, and enhancement of our PKI environment, playing a key role in protecting our data, systems, and communications.

Responsibilities:

·       Manage the full Certificate Lifecycle: Oversee and execute all phases of certificate management, including request processing, generation, issuance, distribution, renewal, replacement, and timely revocation of various certificate types (SSL/TLS, S/MIME, code signing, client authentication, etc.).

·       Enforce PKI Policies and Procedures: Ensure strict adherence to established PKI policies, Certificate Practice Statements (CPS), and Certificate Policy (CP) documents.

·       Operate and Maintain PKI Infrastructure: Administer and maintain internal Certificate Authorities (CAs), Registration Authorities (RAs), and related components, including hardware and software.

·       Troubleshoot and Resolve PKI Issues: Identify, diagnose, and resolve issues related to certificate validity, trust chains, revocation status (CRL, OCSP), key usage, and connectivity problems impacting PKI services.

·       Contribute to PKI Design and Implementation: Participate in the design, planning, and implementation of new PKI solutions and enhancements based on evolving business needs and security requirements.

·       Ensure PKI Security: Implement and monitor security controls to protect the PKI infrastructure, including securing CA private keys, managing access controls, and monitoring for suspicious activity.

·       Maintain Compliance: Ensure the PKI environment meets internal security standards, industry best practices, and relevant regulatory requirements (e.g., privacy laws, industry-specific regulations).

·       Key Management: Assist in the secure generation, storage, and management of cryptographic keys, potentially involving Hardware Security Modules (HSMs).

·       Automate PKI Operations: Develop and implement scripts and tools to automate repetitive PKI tasks, such as certificate issuance, monitoring, and reporting, improving efficiency and reducing manual errors.

·       Document PKI Processes: Create and maintain comprehensive documentation for PKI configuration, procedures, policies, and troubleshooting guides.

·       Collaborate Across Teams: Work closely with IT infrastructure, network, application development, and other teams to integrate PKI solutions and provide expert guidance on certificate usage and security.

·       Stay Current with PKI Trends: Keep abreast of the latest developments, vulnerabilities, and best practices in the PKI and cryptographic space.

Qualifications:

·       Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.1

·       5 years of experience in Information Technology, with a minimum of [Specify number] years focused specifically on Public Key Infrastructure (PKI) administration and support.

·       Proven experience managing Certificate Lifecycle Management processes in an enterprise environment.

·       Deep understanding of PKI concepts, including X.509 certificates, certificate chains, trust anchors, certificate revocation (CRLs, OCSP), key usage, and extensions.

·       Hands-on experience with Certificate Authority platforms, such as Microsoft Active Directory Certificate Services (AD CS), and/or commercial CAs.

·       Solid understanding of cryptographic principles, including asymmetric and symmetric encryption, hashing, and digital signatures.

·       Proficiency with SSL/TLS protocols and their application in securing web and network communications.

·       Experience with scripting languages (e.g., PowerShell, Python) for automating PKI-related tasks.

·       Familiarity with relevant security standards and frameworks (e.g., NIST, ISO 27001) and compliance requirements.

·       Excellent troubleshooting skills and the ability to diagnose and resolve complex PKI issues.

·       Strong communication skills, both written and verbal, with the ability to explain technical concepts clearly.

Professional Certifications (Preferred):

·       CompTIA Security+

·       (ISC)² CISSP (Certified Information Systems Security Professional)

·       (ISC)² CISM (Certified Information Security Manager)

·       Relevant GIAC certifications (e.g., GSEC, GCWN)

·       PKI-specific certifications (if available from vendors or organizations)

Bonus Points:

·       Experience with cloud-based PKI services (e.g., Azure Certificate Authority, AWS Certificate Manager).

·       Experience working with Hardware Security Modules (HSMs).

·       Familiarity with DevOps practices and automating PKI integration into CI/CD pipelines.

·       Experience with certificate management platforms or tools (e.g., Venafi, DigiCert ONE, Keyfactor).

·       Experience in a regulated industry (e.g., finance, healthcare, government).

·       Knowledge of other identity and access management technologies.

What We Offer:

·       Competitive salary and benefits package.

·       Comprehensive health, dental, and vision coverage.

·       Retirement savings plan.

·       Opportunities for professional development and training.

·       A supportive and collaborative work environment.2

·       The chance to work3 on challenging and impactful security initiatives.

·       [Mention any other specific perks like flexible work arrangements, wellness programs, etc.]

To Apply:

Interested candidates are invited to submit their resume and cover letter to resume.hr@ngitservices.com . Please include "PKI Specialist - Regina" in the subject line.

Equal Opportunity Employer Statement:

NGIT Services is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We encourage applications from all qualified individuals regardless of race, color, religion, gender, sexual orientation, age,5 disability, or veteran status.