Public Key Infrastructure Engineer Job

Yoh covers the diverse talent and workforce management needs in the Aviation, Engineering, Health Care, IT, Life Sciences, Media & Entertainment and Telecom industries. You can be confident that we have the right talent and managed solution for you. You need it. Yoh has it!

PKI (Public Key Infrastructure) Engineer needed for a Contract opportunity with Yoh's client located in San Diego, CA.

- Architect, design, document, and support Public Key Infrastructure (PKI) systems and Public Key Enabled (PKE) solutions that provide the capability for smart card use on a multi-forest/multi-domain large enterprise network.

**Top Skills You Should Possess:** - Microsoft PKI - Public Key and Private Key - Active Directory expertise - PowerShell Scripting **What You Need to Bring to the Table:** **Microsoft Active Directory Certificate Services (ADCS)** - Certification Authority (CA) offline root and online issuing CAs - Online Certificate Status Protocol (OCSP) Responder - ADCS auto-enrollment - CA backup and restore **How the Microsoft Cryptographic Application Programming Interface (MSCAPI) behaves when validating certificates** - How certificate validation works - Certificate trust chains (to include MS trust stores) - Certificate Revocation Lists (CRLs) - OCSP responses - 509 certificate types, constructs, and attributes - Certificate Policy (CP) and Certificate Practice Statements (CPS) documentation (RFC 3647) **How asymmetric, symmetric, and key hashing works and their related cipher suites** - DoD PKI architecture and requirements (FIPS-140/201, PIV) - Use of Hardware Security Modules (HSMs) to protect private keys How certificates are manually obtained from a third party issuing CA - Creation of the private key - Certificate signing request - Import of the CA issued public key - Smart card readers and reader middleware - 90Meter - ActivClient - Microsoft mini-driver (native MS middleware) **How Active Directory (AD) smart card logon works** - UPN Mapping (one to one) - ALTSECID Mapping (one to many, many to one) - PKI containers in AD - Certificate use with email messages - Outlook configuration - Email sign and encrypt - Outlook Web Access **Certificate use for:** - 11i (Wireless) - 1x (Network Access Control) - SSL VPN **Creation of detailed architecture and design documents to include detailed diagramming** - Windows PowerShell scripting **Operating systems as they relate to PKI/PK:** - Windows 7 - Windows server 2008/2012 - Microsoft Group Policy Objects (GPOs) **Bonus Points! Otherwise Known As Preferred Qualifications:** - OpenSSL (PKI capabilities) - Java Keystores (keytool) - Axway Validation Authority and Desktop Validator - RedHat PKI - DoD DIACAP and STIG PKI requirements - MS PKI tools (certutil, certreq) - Microsoft IIS 7/8