PKI Engineer

Overview

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider headquartered in Dulles, Virginia with operations across the U.S. We provide innovative enterprise-wide solutions as well as targeted services addressing the complex challenges faced by our federal government clients. Our focus is on enabling our clients to deliver their mission most efficiently and effectively – anytime, anywhere, securely. We combine technical expertise, mission awareness, and an empowered workforce to produce meaningful results.

Responsibilities

This is a contingent position based upon customer approval.As a SkyePoint employee you will be given the opportunity to design, configure, and deploy some of the IT industry’s latest products and services to ensure that our most critical customers maintain the ability to securely communicate and collaborate to meet mission demands.  In your new role you will share and partner with other like-minded, dedicated professionals to review your thoughts and ideas to improve upon and deploy new enterprise IT infrastructures and configurations. You will utilize not only your existing enterprise IT skills and talents to meet your customer’s needs, but also draw upon those new skills that you will learn in your new role. Your ideas and contributions will matter.

What can you achieve and how you will make a difference –

You will support the Department of State (DoS) Bureau of Information Resource Management (IRM) PKI program. This program provides transparent security services in support of the Department’s goals to secure communications among Department staff and systems. The position falls under the "SI Division support service line of the contract.

It will be a senior level PKI engineering position, providing PKI engineering and integration support, administering, maintaining, and deploying various PKI systems on prem and in cloud.  

The preferred candidate must possess strong skills in designing, installing, configuring, and maintaining PKI systems. Additionally, the preferred candidate should have some experience in providing tier-3 level support in large enterprises. Cloud Key vaulting, Zero Trust Architecture and modern authentication know how are highly desirable.

Qualifications

The Talent You Bring with these Qualifications 

Responsiblities Include:

• Performing all aspects of systems design and PKI engineering in support of various PKI systems deployed at the Department of State.
• Manage and maintain enclaved server hardware, storage, switches, server operating systems, and Hardware Security Modules (HSMs)
• Providing in-depth subject matter expertise for engineering support related to Public Key Infrastructure (PKI) systems, especially in a government setting.
• Maintaining existing PKI systems – patch existing systems, deploy new components based on customer demand
• Assist in evaluating and deploying solutions to support modern authentication (i.e SAML based authentication, FIDO2, PIV Derived Credential, etc.…)
• Assist in designing and deploying solution in support of migrating to a Zero Trust Architecture environment
• Performing problem analysis following any service issues to prevent recurrence
• Identifying security risks to customer systems and suggest mitigations
• Designing, building, and managing PKI enclaves conforming to the policies and standards of the Department of State, Homeland Security Presidential Directive 12 (HSPD-12), Federal Bridge Certification Authority (FBCA), National Institute of Standards and Technology (NIST), and other policies and standards as required.
• Identifying security architectures and implementation gaps, vulnerabilities, and risks; developing, testing, and implementing solutions to address the gaps, and new or updated requirements.
• Developing test cases for software/hardware testing and developing test evaluation reports for stakeholders.
• Developing and updating systems documentation (e.g., ConOps, Operating procedures, systems architecture documents.)
• Ensuring the NIST 800-53 Rev. 4 security controls, where applicable, are in place and validated on all PKI systems.
• Contribute to the technical direction on all areas of PKI architecture, strategies and automation and enforce governance and standards.

Qualifications

Required Education, Experience, Skills, Attributes

• Bachelors and nine (9) years or more of relevant experience; Masters and seven (7) years or more of relevant experience; may accept additional experience in lieu of degree
• Strong background in the Microsoft server operating systems and Certificate Authority (CA) providers
• General understanding of cryptographic keys, symmetric and asymmetric keys, cryptographic key algorithms and cipher blocks
• Working knowledge with network devices particularly Cisco switches.
• Network infrastructure diagnostics (TCP/IP general networking knowledge, network monitoring tools)
• Virtualization technologies – VMWare ESXI, vCenter, VMWare NSX
• Working knowledge of external storage solutions, storage area networks (SANs), and Fiber Channel networks
• Professionally and effectively communicate; both verbal and written at all levels within the organization
• Ability to think analytically, troubleshoot, and solve problems
• Ability to troubleshoot and resolve network/application/operating system issues
• Self-starter, able to work independently with minimum supervision
• Excellent MS-Windows Server administration & maintenance skills
• Excellent oral and written communication skills
• Excellent analytical and troubleshooting skills

Required Clearance

• US Citizenship
• Must have the ability to obtain Top Secret clearance. 
• Active Secret or Top Secret clearance is preferred.

Desired Experience, Skills, & Attributes

• Knowledge of Entrust suite of PKI products (Security Manager, Administration Services, Security Manager Proxy) especially in a government setting.
• Hands-on experience with Hardware Security Modules (HSMs), and external storage solutions.
• Working knowledge with a Card Management Systems (CMS) solution for Smart Cards.
• Experience integrating managed devices into MDM solutions (AirWatch, Intune).
• Understanding of cloud security implementation practices, particularly PKI related. (Azure, AWS, etc.)
• Working knowledge of Zero Trust Architecture and modern credential management and authentication
• PowerShell scripting experience and/or other scripting expertise.
• Network infrastructure diagnostics (TCP/IP general networking knowledge, network monitoring tools)
• Expert level skills in virtualization technologies (e.g., VMWare vSphere)
• Operational experience with LDAP and PKI Directory Management
• Engineering and Integration experience with Two-factor authentication: RSA, PIV cards, custom smart card solutions, and biometric authentication.
• Working experience deploying OCSP capabilities within a diverse and international organization
• Experience with Enterprise Systems Architecture, engineering, and deployment

Applicants selected for this position will require an active Secret clearance with the ability to obtain a Top Secret clearance, and background screening. Applicants selected for this role will be put in for a Top Secret security clearance will be subject to a security investigation and must meet eligibility requirement for access to classified information.

What We Can Offer You - 

• Great Benefits: >70%-80% of medical premiums cost share paid by SkyePoint, several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, ST/LT Disability, Life Insurance, floating federal holiday options, and 401k matched
• Certification Incentive Program

• Paid Referral Program 

• Corporate Sponsored Community Engagement (Giving Back) events every quarter
• SkyePoint DoD SkillBridge Industry Partner Fellowship Program

• SkyePoint Professional Growth Programs (Internal Training and Mentoring)
• SkyePoint Azure Development Environment available to all Developers and technical staff to develop solutions for customers and/or to create innovation to win new business 

• SkyePoint Professional Sports Ticket Perks, Quarterly Employee Morale Lunches, and Semi-Annual team-building events
• Flexible Work Environment

SkyePoint Decisions is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 (with SAM) for Services. We possess a common vision of excellence and foster a collaborative team culture built upon individual performance and accountability. We invest in our people and systems to create value for our clients. It is the SkyePoint Way. We are grateful for the opportunity to work with exceptional people and give back to the communities we serve. Our employees value the flexibility at SkyePoint that allows them to balance quality work and their personal lives.

As a federal contractor, SkyePoint is subject to any federal vaccine mandates or other customer vaccination requirements. All new hires are required to report their vaccination status.

SkyePoint Decisions is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. U.S. Citizenship is required for most positions.