Job Description:
Location: Erskine
Due to nature of this role we can only accept applications from UK nationals who are elgible for SC clearance
The Senior PKI Engineer is responsible for the build, configuration, deployment, and daily management of enterprise Public Key Infrastructure (PKI) solutions. This includes both Microsoft ADCS environments and third-party PKI tooling such as Thales CipherTrust and Digicert. The role requires hands-on experience with Hardware Security Modules (HSMs), Certificate Authority (CA) management, and secure key lifecycle operations.
Key Responsibilities:
1. PKI Architecture & DeploymentImplement scalable PKI solutions across hybrid environments.Configure and maintain Microsoft ADCS and third-party PKI tooling such as CipherTrust Manager.Integrate PKI with enterprise identity, authentication, and encryption services.
2. Operational ManagementPerform daily monitoring, maintenance, and troubleshooting of PKI systems.Manage certificate lifecycle processes including issuance, renewal, revocation, and auditing.Conduct key ceremonies and manage secure key storage and rotation. (will require travel)
3. Security & ComplianceEnsure PKI operations comply with internal security policies and external standards (e.g., NIST, ISO 27001).Maintain documentation for audits, incident response, and change management.Collaborate with compliance teams to support regulatory requirements.
4. Tooling & AutomationDevelop scripts and automation for certificate management and monitoring.Integrate PKI services with cloud-native platforms.
5. Collaboration & SupportWork closely with PKI SME’s, infrastructure, application, and security teams to support secure communications and data protection.Provide technical guidance and mentorship to junior engineers.
Required Qualifications:
6. Minimum 5 years of hands-on experience in PKI engineering or cryptographic infrastructure.
7. Strong expertise in Microsoft ADCS and PKI tooling like CipherTrust Manager.
8. Experience with HSMs (e.g., Thales Luna, SafeNet) and CA lifecycle management.
9. Solid understanding of X.509 certificates, TLS/SSL, OCSP, CRL, and key management protocols.
10. Proficiency in scripting (PowerShell, Python) and automation tools.
11. Familiarity with cloud KMS solutions (AWS, Azure, GCP) is a plus.
What we will do for you:
12. Competitive compensation
13. Pension scheme
14. DXC Select – Our comprehensive benefits package (includes private health/medical insurance, childcare vouchers, gym membership and more)
15. Perks at Work (discounts on technology, groceries, travel and more)
16. DXC incentives (recognition tools, employee lunches, regular social events etc)
At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.