PKI Lead

2 days ago


Kempegowda International Airport, India Mumbai Rozgaar Full time

Roles & Responsibility:


• Lead the design, implementation, and maintenance of Microsoft Active Directory Certificate Services (ADCS) including Root CA, Issuing CAs, CRL Distribution Points (CDPs), and OCSP responders.


• Administer and support NDES and SCEP gateway integration with mobile device management (MDM) platforms like Microsoft Intune.


• Manage certificate lifecycle management (CLM) processes for internal and external certificates including automation, monitoring, and renewal workflows.


• Design and enforce policies around certificate issuance, revocation, and renewal to align with organizational security and compliance standards.


• Ensure CRL and OCSP infrastructure availability and redundancy across hybrid environments.


• Work with application teams to integrate TLS/SSL certificates securely for web servers, APIs, IoT devices, and internal services.


• Implement robust data security controls, encryption standards, and digital signature enforcement using PKI.


• Collaborate with compliance and audit teams for regulatory reporting and encryption feasibility assessments.


• Maintain documentation, configuration baselines, and DR plans for PKI infrastructure.

Skills Required:


• 8+ years of experience in PKI implementation and operations.


• Deep knowledge and hands-on experience with Microsoft ADCS, including Standalone and Enterprise CAs. Strong expertise in NDES, SCEP, and integration with mobile or endpoint management solutions.


• Experience in managing CRL Distribution Points, OCSP responders, and AIA locations.


• Proficiency in certificate lifecycle automation, PowerShell scripting, and use of tools like certreq, certutil, or third-party CLM platforms.


• Understanding of cryptographic protocols, X.509 standards, and certificate-based authentication.


• Working knowledge of data security concepts, including encryption at rest/in transit, key management, and regulatory compliance (e.g., DORA, GDPR, HIPAA).


• Experience in troubleshooting complex PKI issues across distributed environments.


• Experience with Hardware Security Modules (HSMs) and key protection strategies.


• Exposure to Cloud PKI or migration from on-prem PKI to cloud-native certificate services. Knowledge of Intune integration with NDES/SCEP for certificate delivery to mobile endpoints.


• Technical Skills: PKI implementation and deployment, certification authentication, certification management, NDES, SCEP, ADCS, CDPs, OCSP, etc.