PKI Operator
Location: Corsham - 5days a week
Salary: 60K
DV Clearance required
Key Responsibilities Operational Support & Incident Management
• Provide 2nd/3rd line support for PKI services and supporting infrastructure, including root, subordinate, and issuing CA’s
• Troubleshoot and resolve certificate issuance, revocation, auto-enrolment, and chain validation issues.
• Manage and respond to incidents, service requests, and change tickets within SLA. Infrastructure support & maintenance
• Manage and respond to infrastructure focussed service requests such as: o Provision/de-provision AzureAD accounts o Setup SSO for applications o Monitor of Microsoft Defender portal and respond to security alerts o Configuration and maintenance of Microsoft Intune Certificate Lifecycle Management
• Assist with certificate requests, renewals, revocations, and rekeying operations.
• Monitor and ensure timely renewal of critical certificates to prevent outages.
• Maintain inventory of issued certificates and their expiration timelines.
System Monitoring and Maintenance
• Monitor the health of CA services, CRLs, OCSP responders, and AIA/CDP availability. • Ensure regular backups of CA keys, databases, configurations, platforms and state.
• Conduct patching and updates of PKI-related servers and services.
• Carry out collection, reporting and remediation tasks in order to maintain a crypto inventory Compliance and Security
• Ensure adherence to security best practices and organisational Certificate Policies (CP) and Certification Practice Statements (CPS).
• Review and manage audit logs for CA operations and maintain documentation for compliance.
• Implement role-based access control, separation of duties, and HSM usage per policy.
• Maintain accurate documentation of PKI processes, configurations, and procedures.
• Implement and enforce revocation policies.
Technical Skills and Experience Essential:
• An understanding of Public Key Infrastructure concepts, including certificate authorities (Root, Subordinate, Issuing), CRLs, OCSP, and key management.
• Windows Server Administration: Proficient in administering Windows Server, particularly Active Directory.
• Infrastructure Knowledge: Familiarity with DNS, DHCP, TCP/IP, and common network services.
• Ability to execute PowerShell scripts for automating certificate tasks and system checks.
• Awareness of role-based access control, key protection standards (e.g., FIPS 140-2), and separation of duties in secure environments.
• Experience using Microsoft Management Console (MMC) snap-ins, event logs, and SIEM platforms to identify and resolve issues proactively.
• Experience with IT asset management tools related to discovery and information collection
• Understanding of backup procedures.
• Ability to document technical processes.
• Familiarity with incident, problem, and change management processes (ITIL).
• Cloud infrastructure experience (AWS, Azure, Intune).
• Familiarity with regulatory frameworks: NIST, GDPR, etc.
• Proficiency in technical documentation (MS Word, Visio, PowerPoint, Excel).
Soft Skills and Experience Essential:
• Strong verbal and written communication skills for interacting with clients and documenting processes
• Analytical mindset and problem-solving capability.
• Detail-oriented and compliance-focused.
• Comfortable working independently and in cross-functional teams.
• Can follow written processes.
Qualifications & Certifications
• Desirable: CompTIA Security+, or a recognised Vendor Certification
• Security Clearance: DV. Benefits
• 27 days holiday + 8 public holidays (pro rata)
• Up to 5% employer pension contribution
• 10% annual performance-related bonus
• Uncapped sales incentives
• Annual charity donation of your choice
• Flexible benefits payment
• Private Healthcare