Microsoft PKI SME in London

Our client requires a Microsoft PKI Subject Matter Expert (SME) to assess, design, and optimise the organisation's Public Key Infrastructure (PKI) across on-premises and cloud environments. This role will focus on reviewing the existing certificate services landscape, identifying risks and gaps, and translating the current configuration into a secure, scalable, and repeatable design. The successful candidate will ensure PKI services support secure authentication, encryption, and compliance within a highly regulated and data-sensitive environment.

Key Responsibilities

• Conduct a detailed assessment of the current PKI environment, including Certificate Authorities (CAs), certificate templates, and trust chains.
• Document existing ('as-is') PKI architecture, configurations, and operational processes.
• Identify security risks, misconfigurations, and lifecycle management gaps (e.g. expiry, revocation, weak templates).
• Design a target-state ('to-be') PKI architecture, including:
• Root and subordinate CA hierarchy.
• Certificate enrolment and lifecycle processes.
• High availability and resilience considerations.
• Translate existing setup into a standardised, repeatable PKI design suitable for enterprise scale.
• Configure and optimise Active Directory Certificate Services (AD CS).
• Support certificate-based authentication scenarios, including:
• User and device authentication.
• Smartcards / passwordless authentication.
• Integration with Active Directory and Microsoft Entra ID.
• Enable secure certificate usage across services, including:
• TLS/SSL for applications and infrastructure.
• Email encryption (S/MIME).
• VPN and wireless authentication.
• Define and implement PKI governance, policies, and operational standards.
• Ensure alignment with security frameworks and regulatory requirements (e.g. ISO27001, NIST, legal sector obligations).
• Provide clear documentation and knowledge transfer to operational teams.

Required Skills & Experience

• Strong hands-on experience with Microsoft PKI technologies, particularly Active Directory Certificate Services (AD CS).
• Proven experience in PKI design, implementation, and remediation.
• Experience conducting PKI health checks and security assessments.
• Strong knowledge of:
• Certificate lifecycle management (enrolment, renewal, revocation).
• Certificate templates and policies.
• Cryptography fundamentals (keys, hashing, encryption).
• Experience with certificate-based authentication and identity integration.
• Ability to translate complex environments into structured, repeatable designs.
• Strong documentation and stakeholder communication skills.

Desirable Experience

• Experience in highly regulated industries (legal, financial services, public sector).
• Exposure to cloud-integrated PKI, including:
• Microsoft Entra ID.
• Intune (device certificate deployment).
• Knowledge of Zero Trust architecture principles.
• Experience with PKI migration or modernisation programmes.
• Familiarity with hardware security modules (HSMs).

Key Deliverables

• Current-state PKI assessment report.
• Risk and gap analysis with prioritised remediation plan.
• Target-state PKI architecture and design documentation.
• Standardised certificate management model.
• Operational processes and governance framework.
• Knowledge transfer and implementation guidance.

Profile

• Highly detail-oriented with strong analytical capability.
• Strong focus on security, trust, and risk reduction.
• Comfortable operating as a standalone SME.
• Able to work across infrastructure, security, and identity teams.
• Strong communication skills, particularly in explaining complex PKI concepts to non-specialists.