Microsoft PKI SME

Microsfot PKI SME (AD CS & Certificate Services)

£700 - £750 P/D Inside IR35

3 months with scope to extend

Fully remote

Active SC would be advantageous

Our client requires a Microsoft PKI Subject Matter Expert (SME) to assess, design, and optimise the organisation's Public Key Infrastructure (PKI) across on-premises and cloud environments.
This role will focus on reviewing the existing certificate services landscape, identifying risks and gaps, and translating the current configuration into a secure, scalable, and repeatable design. The successful candidate will ensure PKI services support secure authentication, encryption, and compliance within a highly regulated and data-sensitive environment.

Key Responsibilities

  • Conduct a detailed assessment of the current PKI environment, including Certificate Authorities (CAs), certificate templates, and trust chains
  • Document existing ("as-is") PKI architecture, configurations, and operational processes
  • Identify security risks, misconfigurations, and lifecycle management gaps (e.g. expiry, revocation, weak templates)
  • Design a target-state ("to-be") PKI architecture, including:
    • Root and subordinate CA hierarchy
    • Certificate enrolment and lifecycle processes
    • High availability and resilience considerations
  • Translate existing setup into a standardised, repeatable PKI design suitable for enterprise scale
  • Configure and optimise Active Directory Certificate Services (AD CS)
  • Support certificate-based authentication scenarios, including:
    • User and device authentication
    • Smartcards / passwordless authentication
    • Integration with Active Directory and Microsoft Entra ID
  • Enable secure certificate usage across services, including:
    • TLS/SSL for applications and infrastructure
    • Email encryption (S/MIME)
    • VPN and wireless authentication
  • Define and implement PKI governance, policies, and operational standards
  • Ensure alignment with security frameworks and regulatory requirements (e.g. ISO27001, NIST, legal sector obligations)
  • Provide clear documentation and knowledge transfer to operational teams

Required Skills & Experience

  • Strong hands-on experience with Microsoft PKI technologies, particularly Active Directory Certificate Services (AD CS)
  • Proven experience in PKI design, implementation, and remediation
  • Experience conducting PKI health checks and security assessments
  • Strong knowledge of:
    • Certificate lifecycle management (enrolment, renewal, revocation)
    • Certificate templates and policies
    • Cryptography fundamentals (keys, hashing, encryption)
  • Experience with certificate-based authentication and identity integration
  • Ability to translate complex environments into structured, repeatable designs
  • Strong documentation and stakeholder communication skills

Desirable Experience

  • Experience in highly regulated industries (legal, financial services, public sector)
  • Exposure to cloud-integrated PKI, including:
    • Microsoft Entra ID
    • Intune (device certificate deployment)
  • Knowledge of Zero Trust architecture principles
  • Experience with PKI migration or modernisation programmes
  • Familiarity with hardware security modules (HSMs)

Key Deliverables

  • Current-state PKI assessment report
  • Risk and gap analysis with prioritised remediation plan
  • Target-state PKI architecture and design documentation
  • Standardised certificate management model
  • Operational processes and governance framework
  • Knowledge transfer and implementation guidance

Profile

  • Highly detail-oriented with strong analytical capability
  • Strong focus on security, trust, and risk reduction
  • Comfortable operating as a standalone SME
  • Able to work across infrastructure, security, and identity teams
  • Strong communication skills, particularly in explaining complex PKI concepts to non-specialists
Apply Now
Apply Now

Job Details

Company
TXP
Location
London, United Kingdom
Hybrid / Remote Options
Employment Type
Contract
Salary
£700 - £750/day
Posted