PKI Operator

PKI Operator

Location: Corsham - 5days a week

Salary: 60K

DV Clearance required

Key Responsibilities Operational Support & Incident Management

• Provide 2nd/3rd line support for PKI services and supporting infrastructure, including root, subordinate, and issuing CA’s

• Troubleshoot and resolve certificate issuance, revocation, auto-enrolment, and chain validation issues.

• Manage and respond to incidents, service requests, and change tickets within SLA. Infrastructure support & maintenance

• Manage and respond to infrastructure focussed service requests such as: o Provision/de-provision AzureAD accounts o Setup SSO for applications o Monitor of Microsoft Defender portal and respond to security alerts o Configuration and maintenance of Microsoft Intune Certificate Lifecycle Management

• Assist with certificate requests, renewals, revocations, and rekeying operations.

• Monitor and ensure timely renewal of critical certificates to prevent outages.

• Maintain inventory of issued certificates and their expiration timelines.

System Monitoring and Maintenance

• Monitor the health of CA services, CRLs, OCSP responders, and AIA/CDP availability. • Ensure regular backups of CA keys, databases, configurations, platforms and state.

• Conduct patching and updates of PKI-related servers and services.

• Carry out collection, reporting and remediation tasks in order to maintain a crypto inventory Compliance and Security

• Ensure adherence to security best practices and organisational Certificate Policies (CP) and Certification Practice Statements (CPS).

• Review and manage audit logs for CA operations and maintain documentation for compliance.

• Implement role-based access control, separation of duties, and HSM usage per policy.

• Maintain accurate documentation of PKI processes, configurations, and procedures.

• Implement and enforce revocation policies.

Technical Skills and Experience Essential:

• An understanding of Public Key Infrastructure concepts, including certificate authorities (Root, Subordinate, Issuing), CRLs, OCSP, and key management.

• Windows Server Administration: Proficient in administering Windows Server, particularly Active Directory.

• Infrastructure Knowledge: Familiarity with DNS, DHCP, TCP/IP, and common network services.

• Ability to execute PowerShell scripts for automating certificate tasks and system checks.

• Awareness of role-based access control, key protection standards (e.g., FIPS 140-2), and separation of duties in secure environments.

• Experience using Microsoft Management Console (MMC) snap-ins, event logs, and SIEM platforms to identify and resolve issues proactively.

• Experience with IT asset management tools related to discovery and information collection

• Understanding of backup procedures.

• Ability to document technical processes.

• Familiarity with incident, problem, and change management processes (ITIL).

• Cloud infrastructure experience (AWS, Azure, Intune).

• Familiarity with regulatory frameworks: NIST, GDPR, etc.

• Proficiency in technical documentation (MS Word, Visio, PowerPoint, Excel).

Soft Skills and Experience Essential:

• Strong verbal and written communication skills for interacting with clients and documenting processes

• Analytical mindset and problem-solving capability.

• Detail-oriented and compliance-focused.

• Comfortable working independently and in cross-functional teams.

• Can follow written processes.

Qualifications & Certifications

• Desirable: CompTIA Security+, or a recognised Vendor Certification

• Security Clearance: DV. Benefits

• 27 days holiday + 8 public holidays (pro rata)

• Up to 5% employer pension contribution

• 10% annual performance-related bonus

• Uncapped sales incentives

• Annual charity donation of your choice

• Flexible benefits payment

• Private Healthcare