Senior PKI Engineer (VG00995) Job - Military veterans preferred



  full-time   employee

United States

Senior PKI Engineer (VG00995) (Job Number:440943)


SAIC is hiring a Senior PKI Engineer in Springfield, VA.

Job Description:

This is senior-level PKI engineering position within the Vanguard 2.2.1 contract program supporting the department of Sate providing PKI engineering and integration support, administering, maintaining, and deploying various PKI systems based on Entrust and Microsoft solutions, onsite at the various DoS Datacenters and at certain selected DoS domestic and overseas locations. The position requires strong skills in designing, installing, configuring, and maintaining PKI systems. Additionally requires experience in providing tier-3 level support in large enterprises.

Responsibilities include:

- Performing all aspects of systems design and PKI engineering in support of various PKI systems deployed at the Department of State.

- Manage and maintain enclaved server hardware, storage, switches, server operating systems, and Hardware Security Modules (HSMs)

- Providing in-depth subject matter expertise for engineering support related to Public Key Infrastructure (PKI) systems, especially in a government setting.

- Maintaining existing PKI systems – patch existing systems, deploy new components based on customer demand

- Directly work with customer to analyze requirements and then deploy security related solution to meet those requirements.

- Performing problem analysis following any service issues to prevent recurrence

- Performing product evaluations and making product recommendations

- Identifying security risks to customer systems and suggest mitigations

- Designing, building, and managing PKI enclaves conforming to the policies and standards of the Department of State, Homeland Security Presidential Directive 12 (HSPD-12), Federal Bridge Certification Authority (FBCA), National Institute of Standards and Technology (NIST), and other policies and standards as required.

- Identifying security architectures and implementation gaps, vulnerabilities, and risks; developing, testing, and implementing solutions to address the gaps, and new or updated requirements.

- Developing test cases for software/hardware testing and developing test evaluation reports for stakeholders.

- Lead an effort in gathering requirements, performing gap analysis, developing and presenting potential solutions, and creating detailed design and implementation plans.

- Developing and updating systems documentation (e.g., ConOps, Operating procedures, systems architecture documents)

- Ensuring the NIST 800-53 Rev. 4 security controls, where applicable, are in place and validated on all PKI systems.

- Maintain and operate the Machine Readable Travel Document (MRTD) Certification Authority and Signature Delivery Service (SDS) systems

Required Education/Skills:

Bachelors and 14+ yrs exp or HS and 18+ years in lieu of degree will be accepted

- Strong background in the Microsoft server operating systems

- Working knowledge of external storage solutions, storage area networks (SANs), and Fibre Channel networks

- Professionally and effectively communicate; both verbal and written at all levels within the organization

- Working knowledge of RedHat Linux

- Ability to think analytically and solve problems

- Ability to troubleshoot and resolve network/application/operating system issues

- Self-starter, able to work independently with minimum supervision

- Excellent MS-Windows Server administration & maintenance

- Excellent oral and written communication skills

- Excellent analytical and troubleshooting skill

Desired Education/Skills:

- Expert knowledge of Entrust suite of PKI products (Security Manager, Administration Services, Security Manager Proxy) especially in a government setting.

- Hands-on experience with Hardware Security Modules (HSMs), and external storage solutions.

- Working knowledge of Thales nShield and SafeNet Hardware Security Modules

- Network device configuration – including firewalls and switches

- Network infrastructure diagnostics (TCP/IP general networking knowledge, network monitoring tools)

- Expertise with PKIs and related technologies (LDAP directories, HSMs, OCSP) and security practices

- Expert level skills in virtualization technologies (e.g., VMWare vSphere)

- Strong Interpersonal skills including the ability to collaborate effectively, self-awareness, and excellent written and oral communications.

- Excellent writing skills

- Operational experience with LDAP and PKI Directory Management

- Engineering and Integration experience with Two-factor authentication: RSA, PIV cards, custom smart card solutions, and biometric authentication.

- Working experience deploying OCSP capabilities within a diverse and international organization

- Working experience with Hardware Security Modules (HSM)

- Experience with Enterprise Systems Architecture, Engineering and deployment

- Experience with Certificate Authority (CA) systems

- CISSP, Security+, or similar certification

Clearance Requirement:

- Must possess an active secret clearance and be able to obtain a Top Secret level clearance.

SAIC Overview:SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC is Redefining Ingenuity through its deep customer and domain knowledge to enable the delivery of systems engineering and integration offerings for large, complex projects. SAIC's approximately 15,000 employees are driven by integrity and mission focus to serve customers in the U.S. federal government. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $4.5 billion. For more information, visit For information on the benefits SAIC offers, see My SAIC Benefits. EOE AA M/F/Vet/Disability

Job Posting: Oct 12, 2018, 10:14:44 AM
Primary Location: United States-VA-SPRINGFIELD
Clearance Level Must Currently Possess: Secret
Clearance Level Must Be Able to Obtain: Top Secret
Potential for Teleworking: No
Travel: Yes, 10% of the time
Shift: Day Job
Schedule: Full-time