Microsoft Active Directory Public Key Infrastructure Expert

MetroSys, Inc.

πŸ“Remote - Worldwide

Summary

Join our team as a Microsoft Active Directory Public Key Infrastructure (AD PKI) Expert for a short-term engagement. You will conduct a thorough review of our existing PKI environment, providing a detailed report on its current state, including recommendations for migration, separation, and alternative architectures. Your analysis will cover Certificate Authorities, Certificate Templates, and security configurations. You will identify potential issues and vulnerabilities, offering best practices for improvement. You will also design high-level architecture options and suggest enhancements for security, compliance, and resilience. This role requires expert-level knowledge of Microsoft AD Certificate Services and experience with PKI migrations and cloud-based solutions.

Requirements

  • Possess expert-level knowledge of Microsoft AD Certificate Services (AD CS), PKI design, implementation, and security best practices
  • Have experience with certificate lifecycle management, HSMs, and enterprise PKI solutions
  • Demonstrate a strong understanding of certificate-based authentication, encryption, and digital signatures
  • Have hands-on experience in PKI migrations, separation strategies, and hybrid cloud PKI deployments
  • Be familiar with cloud-based PKI alternatives, such as Microsoft Intune SCEP, AWS Private CA, or Azure Key Vault
  • Have experience with PowerShell scripting for automation of PKI-related tasks
  • Possess knowledge of compliance frameworks (NIST, CIS, ISO 27001) and PKI security hardening techniques

Responsibilities

  • Conduct a thorough review of the existing AD PKI infrastructure, including Certificate Authorities (CAs), Certificate Templates, CRL distribution, and Auto-Enrollment policies
  • Analyze dependencies, security configurations, and compliance gaps
  • Evaluate PKI integration with Active Directory, network services, and enterprise applications
  • Provide a detailed assessment report outlining the current PKI architecture, strengths, weaknesses, and risks
  • Identify potential issues, security vulnerabilities, and areas for improvement
  • Offer guidance on best practices for PKI security hardening and lifecycle management
  • Provide expert recommendations on PKI migration and separation strategies, considering:
      ◦ Splitting PKI environments for multiple organizations or business units
      ◦ Migrating from on-premises to cloud-based PKI solutions (e.g., Microsoft Intune SCEP, AWS Private CA, or Azure Key Vault)
      ◦ Transitioning from legacy PKI to a modern, scalable architecture
  • Assess the impact of moving to cloud-native, hybrid, or third-party PKI solutions
  • Design and present high-level architecture options tailored to business requirements
  • Provide recommendations for governance, automation, and certificate lifecycle management
  • Suggest enhancements for security, compliance, and resilience (e.g., HSM integration, CRL optimization, OCSP setup)

Preferred Qualifications

Hold relevant certifications (preferred): Microsoft Certified: Identity and Access Administrator, CISSP, CISM, or other security-related certifications
