Microsoft PKI SME (AD CS & Certificate Services)
£700 - £750 P/D Inside IR35
3 months with scope to extend
Fully remote
Active SC would be advantageous
Our client requires a Microsoft PKI Subject Matter Expert (SME) to assess, design, and optimise the organisation's Public Key Infrastructure (PKI) across on-premises and cloud environments.
This role will focus on reviewing the existing certificate services landscape, identifying risks and gaps, and translating the current configuration into a secure, scalable, and repeatable design. The successful candidate will ensure PKI services support secure authentication, encryption, and compliance within a highly regulated and data-sensitive environment.
Key Responsibilities
- Conduct a detailed assessment of the current PKI environment, including Certificate Authorities (CAs), certificate templates, and trust chains
- Document existing ("as-is") PKI architecture, configurations, and operational processes
- Identify security risks, misconfigurations, and life cycle management gaps (eg expiry, revocation, weak templates)
- Design a target-state ("to-be") PKI architecture, including:
  - Root and subordinate CA hierarchy
  - Certificate enrolment and life cycle processes
  - High availability and resilience considerations
- Translate existing setup into a standardised, repeatable PKI design suitable for enterprise scale
- Configure and optimise Active Directory Certificate Services (AD CS)
- Support certificate-based authentication scenarios, including:
  - User and device authentication
  - Smartcards/passwordless authentication
  - Integration with Active Directory and Microsoft Entra ID
- Enable secure certificate usage across services, including:
  - TLS/SSL for applications and infrastructure
  - Email encryption (S/MIME)
  - VPN and wireless authentication
- Define and implement PKI governance, policies, and operational standards
- Ensure alignment with security frameworks and regulatory requirements (eg ISO27001, NIST, legal sector obligations)
- Provide clear documentation and knowledge transfer to operational teams
Required Skills & Experience
- Strong hands-on experience with Microsoft PKI technologies, particularly Active Directory Certificate Services (AD CS)
- Proven experience in PKI design, implementation, and remediation
- Experience conducting PKI health checks and security assessments
- Strong knowledge of:
  - Certificate life cycle management (enrolment, renewal, revocation)
  - Certificate templates and policies
  - Cryptography fundamentals (keys, hashing, encryption)
- Experience with certificate-based authentication and identity integration
- Ability to translate complex environments into structured, repeatable designs
- Strong documentation and stakeholder communication skills
Desirable Experience
- Experience in highly regulated industries (legal, financial services, public sector)
- Exposure to cloud-integrated PKI, including:
  - Microsoft Entra ID
  - Intune (device certificate deployment)
- Knowledge of Zero Trust architecture principles
- Experience with PKI migration or modernisation programmes
- Familiarity with hardware security modules (HSMs)
Key Deliverables
- Current-state PKI assessment report
- Risk and gap analysis with prioritised remediation plan
- Target-state PKI architecture and design documentation
- Standardised certificate management model
- Operational processes and governance framework
- Knowledge transfer and implementation guidance
Profile
- Highly detail-oriented with strong analytical capability
- Strong focus on security, trust, and risk reduction
- Comfortable operating as a standalone SME
- Able to work across infrastructure, security, and identity teams
- Strong communication skills, particularly in explaining complex PKI concepts to non-specialists