SENIOR SYSTEMS ENGINEER – PUBLIC KEY INFRASTRUCTURE (PKI)
Lalaith Astor Technical Consulting House (LATCH) provides technical consulting services to the US Federal Government. We provide dependable high-quality solutions as well as innovative architecture, engineering, and functional designs. Our core values enable us to bring unique viewpoints as we approach our work such as understanding and adopting the client’s mission; delivering technical solutions that are aligned to client goals, objectives, and budgets; empowering customers through Systems Engineering and Technical Assistance (SETA) services; and producing high quality, value-driven work products.
At LATCH, you’ll work with clients and a leadership team that empowers our people to think audaciously, welcomes differences, and encourages pride in our work while exposing and solving emerging challenges to meet impactful commitments.
The LATCH Senior Public Key Infrastructure Systems Engineer focuses on PKI technologies, Venafi, and multi-factor authentication (MFA). The engineer is responsible for the design, implementation, and maintenance of highly secure network systems, and leverages an advanced understanding of PKI to develop and enhance cryptographic systems and digital certificate lifecycle management, ensuring the secure identification and authentication of users and systems. They manage the Venafi platform for automation and protection of cryptographic keys, reducing. They deploy and maintain MFA functionalities and stay updated with the latest security regulations, advisories, alerts, and vulnerabilities pertaining to the organization and its mission related to PKI and MFA.
Responsibilities and Duties
Duties will include, but are not limited to, the following.
- PKI System Management: Oversee the design, installation, and maintenance of secure network systems, with a strong focus on Public Key Infrastructure (PKI) technologies.
- Cryptographic Keys and Digital Certificates Lifecycle Management: Handle the management, distribution, and protection of cryptographic keys and digital certificates.
- Venafi Platform Administration: Take charge of the Venafi platform deployed in hybrid configuration (cloud and on-prem), utilizing it for the automation and protection of cryptographic keys.
- Multi-factor Authentication Deployment/Configuration: Implement and manage multi-factor authentication to enhance system security and access control to meet OMB M-20-09 requirements.
- System Maintenance: Conduct regular audits and maintenance of the system to identify potential vulnerabilities or identify areas for improvement and remediate vulnerabilities identified as part of the continuous monitoring processes.
- Security Integration: Work alongside cross-functional teams to ensure the consistent application of security technologies and configurations across all business areas.
- Security Updates Monitoring: Stay informed of the latest security regulations, advisories, alerts, and vulnerabilities that could impact the organization.
- Security Policy and Standards Creation: Contribute technical expertise to the creation and implementation of security policies and standards.
- Team Training: Provide training and mentorship to junior staff on security procedures, PKI, Venafi, and multi-factor authentication systems.
- Problem-solving: Troubleshoot and resolve issues related to PKI, Venafi, and multi-factor authentication systems, ensuring minimal impact on operations.
- Communication: Convey complex information effectively to a diverse audience, including non-technical stakeholders.
- Regulatory Compliance: Ensure adherence to industry best practices and regulatory requirements for handling sensitive data and help maintain system Authority to Operate (ATO).
Specific tasks include, but are not limited to, the following:
- PKI System Tasks: Create, install, and configure PKI systems, ensuring the trustworthiness of keys and certificates within the organization’s network.
- Key and Certificate Management: Generate, distribute, and revoke cryptographic keys and digital certificates as required.
- Identify opportunities to automate certificate management, leveraging industry best practices (standard protocols and tools).
- Venafi Management: Monitor and administer the Venafi platform, including installing updates, managing certificates, and troubleshooting any issues that arise.
- MFA Deployment: Install and configure multi-factor authentication systems, integrating them with existing user authentication processes.
- System Audit: Run detailed security audits, analyzing system logs, identifying discrepancies, and preparing audit reports with recommendations.
- Security Integration: Work with the software development and network teams to integrate security protocols into new and existing systems.
- Monitor Security Alerts: Regularly check and respond to security advisories, alerts, and vulnerability bulletins, adjusting system configurations as needed.
- Policy Creation: Write and revise technical sections of security policies and standards, incorporating industry best practices and regulatory requirements.
Desired Qualifications and Skills
It is desirable that the candidate has the following qualifications:
- Excellent problem-solving abilities and a strong attention to detail.
- Experience with Venafi or similar platforms such as DigiCert, GlobalSign, or Azure Key Vault.
- Strong communication skills, with the ability to explain complex topics to a diverse audience.
- Understanding of cloud technologies and architectures, such as Azure or AWS Government Cloud.
- Proficiency in scripting languages such as Python, Perl, or Bash for automation of tasks.
- Strong understanding of network security principles and internet protocols.
- Ability to work collaboratively within a team and independently when needed.
- Understanding of RADIUS protocols, SAML, LDAP, and Cisco ISE.
- Understanding of ACME Protocol or similar protocols such as CMP or cloud provider solutions.
- Familiarity with regulations and standards such as ISO 27001, NIST, and GDPR.
- Aptitude for learning new technologies quickly.
- Proven ability to manage multiple tasks and projects under tight deadlines.
- Ability to maintain a high level of discretion for handling sensitive information.
Bachelor’s Degree in Computer Science, Information Systems, Engineering, or a related field
$175,000 – $185,000
LATCH’s benefits program offers a comprehensive range of choices which include:
- 401(k) matching
- Dental insurance
- Health insurance
- Paid time off
- Parental leave
- Professional development assistance
- Referral program
- Vision insurance
All qualified applicants will receive consideration for employment without regard to race, creed, religion, gender, gender identity, sexual orientation, color, national origin, ancestry, familial status, military status, age, disability, marital status, or status with regard to public assistance.