Role: Certificate Deployment Engineer
Role Purpose
We are looking for a hands‑on Certificate Deployment Engineer to support the assessment, testing and implementation of internal certificate management across an on‑premise Microsoft server estate.
Requirements
Key Responsibilities
1. Server and Environment Discovery
* Review Windows Server estate in scope for certificate management.
* Confirm domain membership, server roles, operating system versions and environment classification.
* Identify certificate stores, current certificates, expiry dates, issuers and bindings.
* Support creation of a server‑to‑certificate mapping.
* Identify dependencies between servers, applications, SQL, reporting services and internal HTTPS endpoints.
* Support review of DMZ/workgroup servers and any constraints around access, trust and certificate deployment.
2. Certificate Deployment and Binding
* Install and configure certificates on Windows Servers.
* Validate certificate chains and trusted root/intermediate CA installation.
* Configure or support certificate bindings for IIS, internal web services, SSRS, SQL Server and application services.
* Support testing of certificate auto‑enrolment through Group Policy for domain‑joined servers.
* Support manual or scripted certificate deployment for non‑domain‑joined servers.
* Troubleshoot certificate store, private key, permissions, binding and service restart issues.
3. Active Directory and GPO Support
* Assist with Group Policy configuration and validation for certificate auto‑enrolment.
* Confirm target servers receive correct GPO settings.
* Validate certificate template permissions and enrolment rights from a server perspective.
* Support AD security group mapping for certificate enrolment.
* Troubleshoot GPO application and enrolment failures.
4. Testing and Validation
* Execute technical validation after certificate deployment.
* Confirm internal HTTPS services are accessible and trusted.
* Confirm SQL Server and SSRS continue to operate after certificate changes.
* Validate application portal access and internal server‑to‑server connectivity.
* Support vulnerability scan remediation checks where required.
* Capture test evidence before and after certificate changes.
* Support rollback or fix‑forward actions if certificate changes cause issues.
5. Operational Documentation
* Produce step‑by‑step implementation notes and server‑level runbooks.
* Document certificate installation and renewal procedures.
* Document troubleshooting steps for common certificate issues.
* Support creation of BAU operational procedures for certificate renewal.
* Capture evidence for audit and change management.
* Support handover to Pobal operational teams.
Required Skills and Experience
* Windows Server: Strong hands‑on experience administering Windows Server environments.
* Active Directory: Good understanding of AD, domain membership, GPOs, security groups and service accounts.
* Certificates: Practical experience installing, renewing, binding and troubleshooting certificates on Windows Servers.
* Certificate Stores: Understanding of local machine certificate stores, trusted roots, intermediates and private keys.
* IIS / Web Services: Experience configuring HTTPS bindings and certificate assignments.
* GPO Troubleshooting: Ability to validate and troubleshoot Group Policy application.
* PowerShell: Ability to use PowerShell for certificate discovery, export, import, validation and reporting.
* Infrastructure Troubleshooting: Strong troubleshooting skills across Windows services, event logs, connectivity and permissions.
* Change‑Controlled Environments: Experience working through planned changes, test evidence and production maintenance windows.
* Documentation: Ability to write clear implementation steps and operational runbooks.
Desirable Skills
* Experience with Microsoft AD CS and certificate auto‑enrolment.
* Experience with SQL Server certificate configuration.
* Experience with SQL Server Reporting Services certificate bindings.
* Experience supporting DMZ or workgroup Windows servers.
* Experience with public and private certificates, wildcard certificates and SAN certificates.
* Experience with vulnerability scan remediation.
* Experience supporting 24/7 production systems.
* Experience with monitoring and alerting tools.
* Experience in public sector, regulated or ISO 27001‑aligned environments.