Public Key Infrastructure (PKI) Architect

Capital Technology Group provides expert consulting services software development, digital transformation, human-centered design, data analytics and visualization, and cybersecurity. 

Our multidisciplinary teams use agile methodologies to rapidly and incrementally deliver value in close collaboration with our clients. For over a decade, we have been trusted by both federal and commercial clients to solve complex, mission-critical business challenges. The quality of our work has been recognized by our partners and peers through our inclusion in the Digital Services Coalition, a group of forward- thinking firms recognized for excellence in delivering IT services.

Client Requirements: applicants MUST BE US Citizens and be able to obtain Public Trust clearance

The CTG Experience

At Capital Technology Group (CTG), our teams are passionate about modernizing how the federal government delivers software. We partner with federal agencies to build secure, scalable, and mission-driven solutions that make a meaningful impact on millions of people. Recognized as a 2025 Top Workplace by The Washington Post, CTG fosters a culture rooted in our core values. Our values guide how we work together and support one another, creating an environment where employees feel trusted, empowered, and encouraged to grow both personally and professionally.

About the Role

CTG is seeking a PKI Architect to design, implement, and modernize enterprise Public Key Infrastructure (PKI) and identity trust services supporting mission-critical federal systems. This role is ideal for a senior technical architect with deep expertise in cryptographic systems, identity security, and scalable infrastructure design across complex, highly secure environments.

You Will Get To

• Design, implement, and evolve PKI architectures that enable secure authentication and Zero Trust initiatives
• Build and support cloud-native solutions across AWS and Azure environments.
• Automate infrastructure, deployments, and operational processes using Ansible and CI/CD pipelines.
• Partner with security and engineering teams to implement DevSecOps practices and secure software delivery.
• Support compliance initiatives aligned with FIPS, NIST 800-53, FISMA, and Zero Trust Architecture principles.
• Monitor, troubleshoot, and optimize application and platform performance using security and observability tools.

Who You Are

• A collaborative engineer who enjoys solving complex technical and security challenges.
• Passionate about building scalable, secure, and reliable cloud-based solutions.
• Comfortable working across application development, cloud infrastructure, identity, and security domains.
• Skilled at balancing technical innovation with operational excellence and compliance requirements.
• An effective communicator who can work with cross-functional teams and stakeholders.

Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, Mathematics, or a related technical field (or equivalent experience)
• 4+ years of professional experience in PKI architecting, cybersecurity engineering, identity and access management (IAM), infrastructure/security architecture, or enterprise platform engineering (not limited to application development)
• Experience designing and supporting PKI solutions in FICAM and Federal PKI (FPKI) environments.
• Experience with X.509 certificate lifecycle management, automation, and policy development.
• Knowledge of X.509 certificate policies and CA/Browser Forum standards.
• Experience implementing certificate automation using ACME.
• Experience with Hardware Security Modules (HSMs) and cryptographic key management.
• Familiarity with Post-Quantum Cryptography (PQC) concepts and migration strategies.
• Experience with PKI platforms including DigiCert, Entrust, Microsoft AD CS, and Let's Encrypt.
• Experience supporting CAC/PIV smart cards, server, code-signing, and S/MIME certificates, including certificate trust chains and validation.
• Experience with cloud platforms such as AWS and/or Azure.
• Familiarity with DevSecOps practices, CI/CD pipelines, and source control platforms such as GitHub Enterprise.
• Understanding of security frameworks and standards including NIST, FISMA, FIPS, and Zero Trust principles.

Nice to Have

• Experience using Docker and Kubernetes.
• Experience with Shibboleth, CyberArk, or HashiCorp Vault.
• Experience with Splunk, Tenable, Checkmarx, SonarQube, or related security tooling.
• Experience with STIG hardening, vulnerability management, or compliance programs.
• Familiarity with PIV authentication and identity governance solutions.
• Experience supporting highly regulated environments, including federal or public sector organizations.
• Relevant cloud, security, or architecture certifications.

Client Requirements

• Applicants must be U.S. Citizens
• Ability to obtain a Public Trust clearance

Salary

We are committed to offering a competitive salary for this position, with an estimated range of $110,000 to $150,000 annually. Please note that this range is intended to provide a general idea of what to expect. The final offer may vary based on experience, skills, and other factors.