AD & PKI Architect - 100% Remote

Posted 1 week ago by 1756181261

Negotiable
Outside
Remote
USA

Summary: We are looking for an experienced AD & PKI Architect to assess, design, implement, and maintain enterprise-level Active Directory and Public Key Infrastructure solutions in a complex IT environment. The role requires a proven track record in managing large-scale AD forests and enterprise certificate lifecycle management systems. Candidates with consulting experience with Microsoft, Venafi, or other leading PKI vendors will be preferred. This position is 100% remote and open to eligible candidates in the USA and India.

Key Responsibilities:

  • Architect, implement, and maintain large Active Directory forests with multi-tier domain environments.
  • Plan and execute domain and forest consolidation strategies to improve efficiency and security.
  • Ensure high availability, disaster recovery, and fault tolerance of directory services.
  • Assess existing PKI environments, identify gaps, and recommend remediation or modernization strategies.
  • Perform enterprise-wide certificate discovery across servers, applications, network devices, and appliances.
  • Consolidate and standardize disparate certificate environments under a unified enterprise PKI architecture.
  • Migrate and integrate certificates into enterprise-grade Certificate Lifecycle Management (CLM) systems such as Venafi, DigiCert, or similar.
  • Design and implement Microsoft PKI infrastructure, including CA hierarchy, root/subordinate CA setup, and certificate issuance policies.
  • Ensure high availability, scalability, and compliance of PKI solutions.
  • Lead the design, deployment, and consolidation of Microsoft PKI infrastructures.
  • Manage Certificate Authority (CA) hierarchy design, root/subordinate CA setup, and lifecycle management.
  • Implement enterprise-grade certificate lifecycle management systems (e.g., Venafi, DigiCert) for automation and compliance.
  • Conduct certificate discovery across large AD forests, identifying and addressing non-compliant or expired certificates.
  • Ensure PKI and AD solutions meet compliance frameworks such as ISO 27001, NIST, SOC 2, HIPAA, and GDPR.
  • Define certificate issuance policies, revocation processes, and key management procedures.
  • Collaborate with cybersecurity teams to integrate PKI into identity, authentication, and encryption solutions.
  • Serve as a trusted advisor to internal stakeholders and customers on AD/PKI architecture best practices.
  • Conduct technical assessments and recommend modernization strategies.
  • Work closely with cross-functional teams, vendors, and clients to ensure project success.

Key Skills:

  • 15+ years of hands-on experience in AD and PKI infrastructure architecture, deployment, and management.
  • Proven expertise in Active Directory Forest/domain architecture.
  • Domain & forest consolidation.
  • Microsoft PKI infrastructure design & CA consolidation.
  • Venafi or equivalent certificate lifecycle management systems.
  • Certificate discovery and remediation in large environments.
  • Strong knowledge of Kerberos, LDAP, DNS, DHCP, and AD Federation Services (ADFS).
  • Experience with HSM (Hardware Security Modules) and key management solutions.
  • Experience working as a consultant in large-scale enterprise environments.
  • Experience in ADManager Plus, ADAudit Plus, Password Manager Pro (dependency mapping/rotation readiness) and Key Manager Plus.
  • Strong scripting and automation skills (PowerShell preferred).
  • Excellent problem-solving, documentation, and communication skills.

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Role: AD & PKI Architect

Location: 100% Remote (USA & India; candidates who have an H1B or B1 visa are eligible)

Duration: Long Term

Experience: 15+ years

About the job

Job Summary:

We are seeking a highly experienced AD & PKI Architect to assess, design, implement, and maintain enterprise-level Active Directory and Public Key Infrastructure solutions (Hybrid) for a large, complex IT environment. The ideal candidate will have a proven track record in managing large-scale AD forests, multi-tier domain environments, and enterprise certificate lifecycle management systems. Preference will be given to candidates with consulting engagement experience with Microsoft, Venafi, or other leading PKI/CLM vendors.

Responsibilities:

Active Directory Architecture & Management

  • Architect, implement, and maintain large Active Directory forests with multi-tier domain environments.
  • Plan and execute domain and forest consolidation strategies to improve efficiency and security.
  • Ensure high availability, disaster recovery, and fault tolerance of directory services.
  • Experience in the legacy environment

PKI Infrastructure Assessment, Design & Operations

  • Assess existing PKI environments, identify gaps, and recommend remediation or modernization strategies.
  • Perform enterprise-wide certificate discovery across servers, applications, network devices, and appliances.
  • Consolidate and standardize disparate certificate environments under a unified enterprise PKI architecture.
  • Migrate and integrate certificates into enterprise-grade Certificate Lifecycle Management (CLM) systems such as Venafi, DigiCert, or similar.
  • Design and implement Microsoft PKI infrastructure, including CA hierarchy, root/subordinate CA setup, and certificate issuance policies.
  • Ensure high availability, scalability, and compliance of PKI solutions.
  • Lead the design, deployment, and consolidation of Microsoft PKI infrastructures.
  • Manage Certificate Authority (CA) hierarchy design, root/subordinate CA setup, and lifecycle management.
  • Implement enterprise-grade certificate lifecycle management systems (e.g., Venafi, DigiCert) for automation and compliance.
  • Conduct certificate discovery across large AD forests, identifying and addressing non-compliant or expired certificates.

Security, Compliance & Governance

  • Ensure PKI and AD solutions meet compliance frameworks such as ISO 27001, NIST, SOC 2, HIPAA, and GDPR.
  • Define certificate issuance policies, revocation processes, and key management procedures.
  • Collaborate with cybersecurity teams to integrate PKI into identity, authentication, and encryption solutions.

Consulting & Stakeholder Engagement

  • Serve as a trusted advisor to internal stakeholders and customers on AD/PKI architecture best practices.
  • Conduct technical assessments and recommend modernization strategies.
  • Work closely with cross-functional teams, vendors, and clients to ensure project success.

Required Skills

  1. 15+ years of hands-on experience in AD and PKI infrastructure architecture, deployment, and management.

Proven expertise in:

  • Active Directory Forest/domain architecture
  • Domain & forest consolidation
  • Microsoft PKI infrastructure design & CA consolidation
  • Venafi or equivalent certificate lifecycle management systems
  • Certificate discovery and remediation in large environments
  2. Strong knowledge of Kerberos, LDAP, DNS, DHCP, and AD Federation Services (ADFS).
  3. Experience with HSM (Hardware Security Modules) and key management solutions.
  4. Experience working as a consultant in large-scale enterprise environments.
  5. Experience in ADManager Plus, ADAudit Plus, Password Manager Pro (dependency mapping/rotation readiness) and Key Manager Plus.
  6. Strong scripting and automation skills (PowerShell preferred).
  7. Excellent problem-solving, documentation, and communication skills.