Career Opportunities: SENIOR SYSTEMS ENGINEER- PKI (REMOTE) (1420184)

Position Overview

The PKI Engineer is responsible for the ongoing management, support, and operational
maturity of Compass Group's enterprise Public Key Infrastructure (PKI) and enterprise-level
Active Directory environment. This senior-level role supports secure certificate lifecycle
management and core directory services across multiple domains in both on-premises and
AWS environments. The engineer collaborates with Cloud Operations, Security Architecture,
and Infrastructure teams to ensure secure, highly available, and scalable identity and certificate
services.

Key Responsibilities

Public Key Infrastructure (PKI)

• Administer and support enterprise certificate authorities (Root and Subordinate CAs) in a hybrid environment.
• Operate and maintain certificate lifecycle tools, including Venafi (required), AppViewX, Certmonger, Centrify, and AWS Certificate Manager (ACM).
• Deploy and automate TLS/SSL certificates across internal and public-facing systems.
• Monitor PKI services for performance, availability, and compliance with Compass security standards.
• Automate certificate issuance, renewal, and revocation using scripting tools such as PowerShell and Bash.
• Troubleshoot certificate issues across diverse systems and applications in Windows and Linux environments.
• Maintain clear documentation of PKI processes, policies, and procedures for internal use and audits.
• Partner with security and architecture teams to enforce and enhance certificate issuance policies.

Active Directory (AD)

• Serve as a senior engineer and subject matter expert for Microsoft Active Directory in a multidomain enterprise.
• Design, manage, and troubleshoot Group Policy Objects (GPOs) to enforce security baselines and configuration standards.
• Support key AD components, including DNS, DHCP, replication, Sites and Services, FSMO role health, and AD-integrated applications.
• Lead AD modernization efforts, including version upgrades, domain controller lifecycle, and hybrid identity integration.
• Create and maintain automation scripts for Active Directory operations using PowerShell.
• Manage privileged identities and support Group Managed Service Account (gMSA) implementations.
• Monitor AD health, perform root cause analysis for directory-related issues, and participate in disaster recovery planning and testing.
• Collaborate on projects involving authentication, PKI-based access, federation, and identity management.

Required Qualifications

• 5+ years of experience in infrastructure or security engineering roles with hands-on PKI and Active Directory responsibilities.
• Proficiency with Microsoft Active Directory Certificate Services (ADCS) and enterprise CA administration.
• Proven experience with enterprise Active Directory, including GPO, DNS, replication, and secure configuration practices.
• Experience with certificate lifecycle management platforms such as Venafi (required), AppViewX, or Certmonger.
• Advanced scripting skills in PowerShell (required); Bash or Python is a plus.
• Deep understanding of TLS/SSL, OCSP, CRL, and certificate trust models.
• Strong troubleshooting skills in both Windows and Linux environments.

Preferred Qualifications

• Experience with cloud-based certificate and directory services, especially AWS (e.g., ACM, AWS Directory Services).
• Familiarity with certificate-based authentication solutions (e.g., mutual TLS, client certificates, smart cards).
• Working knowledge of identity and access management frameworks and technologies.
• Experience supporting Linux environments and tools related to certificate enrollment and validation.
• Exposure to infrastructure automation, Infrastructure-as-Code (IaC), or CI/CD pipeline integration for identity and certificate services.