The PKI Engineer is responsible for designing, operating, and enhancing the enterprise Public Key Infrastructure (PKI) and certificate management services. This role ensures secure authentication, encryption, and certificate lifecycle management across enterprise systems, supporting regulatory compliance and operational stability.
This position plays a critical role in scaling PKI services, driving automation, and reducing operational risk associated with certificate expiration, trust store management, and cryptographic operations.
YOUR RESPONSIBILITIES IN THIS ROLE: Eastern Time Zone (ET),1. PKI Infrastructure & Operations (Onprem and Cloud (AWS & Azure )
. Maintain and operate PKI platforms, including Certificate Authorities (CAs), HSMs, and certificate management systems
. Ensure availability, resiliency, and patching of PKI infrastructure
. Support certificate issuance, renewal, revocation, and lifecycle management
2. Certificate Lifecycle Management
. Manage large scale certificate environments across applications and infrastructure
. Ensure timely renewal and replacement of certificates
. Support trust store management and certificate chain integrity
3. Automation & Integration
. Build and implement automation for certificate lifecycle management
. Integrate PKI services with enterprise platforms (CI/CD pipelines, cloud services, applications)
. Deploy and operationalize tools such as connectors and automation pipelines
4. Governance, Standards & Policy Enforcement
. Enforce security policies related to certificate usage and cryptography
. Define and maintain standards for certificate issuance, validity, and usage
. Support compliance with regulatory frameworks (e.g., NIST, CMMC, PCI, TSA directives)
5. Cross Team Collaboration
. Partner with application and infrastructure teams to enable certificate automation
. Provide guidance and supporting tooling while ensuring clear ownership boundaries
. Assist teams with onboarding to PKI services and automation
6. Risk Reduction & Incident Support
. Identify and remediate risks related to certificate expiration, misconfiguration, or trust failures
. Support incident response involving certificate or encryption issues
. Improve visibility and reporting for certificate health and compliance
7. Emerging Crypto & Future Readiness
. Support adoption of new cryptographic standards (e.g., post quantum cryptography)
. Assist in modernization of PKI architecture and tooling
. Evaluate new solutions for scalability and resilience
Your future duties and responsibilities
Required qualifications to be successful in this role
Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
That same commitment to fairness extends to how we use technology. To support our recruitment team, AI tools may be used to help assess applications though they never replace human judgement. All hiring decisions remain entirely in the hands of our recruitment professionals.
Come join our team—one of the largest IT and business consulting services firms in the world.