Microsoft Active Directory Public Key Infrastructure (AD PKI) Expert

Remote, US
Full-Time | Other

Job Description

Position Summary

We are seeking a Microsoft Active Directory Public Key Infrastructure (AD PKI) Expert for a short-term engagement to conduct a deep-dive discovery, analysis, and review of our existing PKI environment. The consultant will provide a detailed report on the current state, along with recommendations and options for migration, separation, and alternative on-premises or cloud-based architectures.

Key Responsibilities

• Deep-Dive PKI Discovery & Assessment

  • Conduct a thorough review of the existing AD PKI infrastructure, including Certificate Authorities (CAs), Certificate Templates, CRL distribution, and Auto-Enrollment policies.
  • Analyze dependencies, security configurations, and compliance gaps.
  • Evaluate PKI integration with Active Directory, network services, and enterprise applications.

• Analysis & Reporting

  • Provide a detailed assessment report outlining the current PKI architecture, strengths, weaknesses, and risks.
  • Identify potential issues, security vulnerabilities, and areas for improvement.
  • Offer guidance on best practices for PKI security hardening and lifecycle management.

• Migration & Separation Strategy

  • Provide expert recommendations on PKI migration and separation strategies, considering:
    • Splitting PKI environments for multiple organizations or business units.
    • Migrating from on-premises to cloud-based PKI solutions (e.g., Microsoft Intune SCEP, AWS Private CA, or Azure Key Vault).
    • Transitioning from legacy PKI to a modern, scalable architecture.
  • Assess the impact of moving to cloud-native, hybrid, or third-party PKI solutions.

• Future-State Architecture & Roadmap

  • Design and present high-level architecture options tailored to business requirements.
  • Provide recommendations for governance, automation, and certificate lifecycle management.
  • Suggest enhancements for security, compliance, and resilience (e.g., HSM integration, CRL optimization, OCSP setup).

Qualifications & Skills

  • Expert-level knowledge of Microsoft AD Certificate Services (AD CS), PKI design, implementation, and security best practices.
  • Experience with certificate lifecycle management, HSMs, and enterprise PKI solutions.
  • Strong understanding of certificate-based authentication, encryption, and digital signatures.
  • Hands-on experience in PKI migrations, separation strategies, and hybrid cloud PKI deployments.
  • Familiarity with cloud-based PKI alternatives, such as Microsoft Intune SCEP, AWS Private CA, or Azure Key Vault.
  • Experience with PowerShell scripting for automation of PKI-related tasks.
  • Knowledge of compliance frameworks (NIST, CIS, ISO 27001) and PKI security hardening techniques.
  • Relevant certifications (preferred): Microsoft Certified: Identity and Access Administrator, CISSP, CISM, or other security-related certifications.