Certificate Deployment Engineer (Contract/Freelance)
Role Purpose
We are looking for a hands-on Certificate Deployment Engineer to support the assessment, testing and implementation of internal certificate management across an on-premise Microsoft server estate.
Requirements
Key Responsibilities
1. Server and Environment Discovery
* Review Windows Server estate in scope for certificate management.
* Confirm domain membership, server roles, operating system versions and environment classification.
* Identify certificate stores, current certificates, expiry dates, issuers and bindings.
* Support creation of a server-to-certificate mapping.
* Identify dependencies between servers, applications, SQL, reporting services and internal HTTPS endpoints.
* Support review of DMZ/workgroup servers and any constraints around access, trust and certificate deployment.
2. Certificate Deployment and Binding
* Install and configure certificates on Windows Servers.
* Validate certificate chains and trusted root/intermediate CA installation.
* Configure or support certificate bindings for IIS, internal web services, SSRS, SQL Server and application services.
* Support testing of certificate auto-enrolment through Group Policy for domain-joined servers.
* Support manual or scripted certificate deployment for non-domain-joined servers.
* Troubleshoot certificate store, private key, permissions, binding and service restart issues.
3. Active Directory and GPO Support
* Assist with Group Policy configuration and validation for certificate auto-enrolment.
* Confirm target servers receive correct GPO settings.
* Validate certificate template permissions and enrolment rights from a server perspective.
* Support AD security group mapping for certificate enrolment.
* Troubleshoot GPO application and enrolment failures.
4. Testing and Validation
* Execute technical validation after certificate deployment.
* Confirm internal HTTPS services are accessible and trusted.
* Confirm SQL Server and SSRS continue to operate after certificate changes.
* Validate application portal access and internal server-to-server connectivity.
* Support vulnerability scan remediation checks where required.
* Capture test evidence before and after certificate changes.
* Support rollback or fix-forward actions if certificate changes cause issues.
5. Operational Documentation
* Produce step-by-step implementation notes and server-level runbooks.
* Document certificate installation and renewal procedures.
* Document troubleshooting steps for common certificate issues.
* Support creation of BAU operational procedures for certificate renewal.
* Capture evidence for audit and change management.
* Support handover to Pobal operational teams.
Required Skills and Experience
Area
Requirement
Windows Server
Strong hands-on experience administering Windows Server environments.
Active Directory
Good understanding of AD, domain membership, GPOs, security