Negotiable
Inside
Remote
London
Summary: The role of Microsoft PKI Subject Matter Expert (SME) involves assessing, designing, and optimizing the organization's Public Key Infrastructure (PKI) across both on-premises and cloud environments. The successful candidate will focus on reviewing existing certificate services, identifying risks, and ensuring secure authentication and compliance in a regulated environment. This position is fully remote and requires strong expertise in Microsoft PKI technologies, particularly Active Directory Certificate Services (AD CS). An active security clearance (SC) is advantageous for this role.
Key Responsibilities:
- Conduct a detailed assessment of the current PKI environment, including Certificate Authorities (CAs), certificate templates, and trust chains
- Document existing ("as-is") PKI architecture, configurations, and operational processes
- Identify security risks, misconfigurations, and lifecycle management gaps (eg expiry, revocation, weak templates)
- Design a target-state ("to-be") PKI architecture, including:
- Root and subordinate CA hierarchy
- Certificate enrolment and lifecycle processes
- High availability and resilience considerations
- Translate existing setup into a standardised, repeatable PKI design suitable for enterprise scale
- Configure and optimise Active Directory Certificate Services (AD CS)
- Support certificate-based authentication scenarios, including:
- User and device authentication
- Smartcards/passwordless authentication
- Integration with Active Directory and Microsoft Entra ID
- Enable secure certificate usage across services, including:
- TLS/SSL for applications and infrastructure
- Email encryption (S/MIME)
- VPN and wireless authentication
- Define and implement PKI governance, policies, and operational standards
- Ensure alignment with security frameworks and regulatory requirements (eg ISO27001, NIST, legal sector obligations)
- Provide clear documentation and knowledge transfer to operational teams
Key Skills:
- Strong hands-on experience with Microsoft PKI technologies, particularly Active Directory Certificate Services (AD CS)
- Proven experience in PKI design, implementation, and remediation
- Experience conducting PKI health checks and security assessments
- Strong knowledge of:
- Certificate lifecycle management (enrolment, renewal, revocation)
- Certificate templates and policies
- Cryptography fundamentals (keys, hashing, encryption)
- Experience with certificate-based authentication and identity integration
- Ability to translate complex environments into structured, repeatable designs
- Strong documentation and stakeholder communication skills
Salary: £750 Daily
City: London
Country: United Kingdom
Working Arrangements: remote
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Detailed Description From Employer:
Microsfot PKI SME (AD CS & Certificate Services)
£700 - £750 P/D Inside IR35
3 months with scope to extend
Fully remote
Active SC would be advantageous
Our client requires a Microsoft PKI Subject Matter Expert (SME) to assess, design, and optimise the organisation's Public Key Infrastructure (PKI) across on-premises and cloud environments. This role will focus on reviewing the existing certificate services landscape, identifying risks and gaps, and translating the current configuration into a secure, scalable, and repeatable design. The successful candidate will ensure PKI services support secure authentication, encryption, and compliance within a highly regulated and data-sensitive environment.
Key Responsibilities
- Conduct a detailed assessment of the current PKI environment, including Certificate Authorities (CAs), certificate templates, and trust chains
- Document existing ("as-is") PKI architecture, configurations, and operational processes
- Identify security risks, misconfigurations, and lifecycle management gaps (eg expiry, revocation, weak templates)
- Design a target-state ("to-be") PKI architecture, including:
- Root and subordinate CA hierarchy
- Certificate enrolment and lifecycle processes
- High availability and resilience considerations
- Translate existing setup into a standardised, repeatable PKI design suitable for enterprise scale
- Configure and optimise Active Directory Certificate Services (AD CS)
- Support certificate-based authentication scenarios, including:
- User and device authentication
- Smartcards/passwordless authentication
- Integration with Active Directory and Microsoft Entra ID
- Enable secure certificate usage across services, including:
- TLS/SSL for applications and infrastructure
- Email encryption (S/MIME)
- VPN and wireless authentication
- Define and implement PKI governance, policies, and operational standards
- Ensure alignment with security frameworks and regulatory requirements (eg ISO27001, NIST, legal sector obligations)
- Provide clear documentation and knowledge transfer to operational teams
Required Skills & Experience
- Strong hands-on experience with Microsoft PKI technologies, particularly Active Directory Certificate Services (AD CS)
- Proven experience in PKI design, implementation, and remediation
- Experience conducting PKI health checks and security assessments
- Strong knowledge of:
- Certificate lifecycle management (enrolment, renewal, revocation)
- Certificate templates and policies
- Cryptography fundamentals (keys, hashing, encryption)
- Experience with certificate-based authentication and identity integration
- Ability to translate complex environments into structured, repeatable designs
- Strong documentation and stakeholder communication skills
Desirable Experience
- Experience in highly regulated industries (legal, financial services, public sector)
- Exposure to cloud-integrated PKI, including:
- Microsoft Entra ID
- Intune (device certificate deployment)
- Knowledge of Zero Trust architecture principles
- Experience with PKI migration or modernisation programmes
- Familiarity with hardware security modules (HSMs)
Key Deliverables
- Current-state PKI assessment report
- Risk and gap analysis with prioritised remediation plan
- Target-state PKI architecture and design documentation
- Standardised certificate management model
- Operational processes and governance framework
- Knowledge transfer and implementation guidance
Profile
- Highly detail-oriented with strong analytical capability
- Strong focus on security, trust, and risk reduction
- Comfortable operating as a standalone SME
- Able to work across infrastructure, security, and identity teams
- Strong communication skills, particularly in explaining complex PKI concepts to non-specialists