PKI Governance and Configuration Manager

Description

We are seeking a highly skilled Senior PKI Governance & Configuration Manager to oversee the integrity, security, and compliance of Department of State’s mission-critical Public Key Infrastructure (PKI) and Credential hosting systems. This role is a hybrid of technical configuration management and high-level cybersecurity governance. You will be the primary architect of compliance, ensuring that all systems across Unclassified, Classified, and SaaS environments maintain their Authority to Operate (ATO). You will bridge the gap between technical PKI operations, engineering and federal regulatory requirements, specifically focusing on NIST SP 800-53, FedRAMP frameworks, and other applicable Federal standards. 

This role is onsite in Springfield, VA.

PKI & Credential Systems Governance:

• Direct the governance lifecycle for multiple PKI systems and Credential Hosting environments.
• Enforce adherence to Certificate Policy (CP) and Certification Practice Statements (CPS).
• Lead the development and implementation of PKI-related policies across diverse network fabrics.

Compliance & Artifact Development (NIST/FedRAMP):

• Serve as the Lead for all NIST SP 800-53 security compliance assessments.
• Author, review, and maintain a comprehensive library of security artifacts (SSP, SAR, POA&M, etc.).
• Manage the end-to-end FedRAMP certification process for SaaS offerings.
• Ensure continuous monitoring and timely remediation to maintain ATO status for all systems.

Configuration & Change Management:

• Establish and manage strict Configuration Management (CM) baselines for PKI hardware and software.
• Lead the Change Advisory Board (CAB) for identity services, evaluating the security impact of all system modifications.
• Maintain rigorous documentation of system architectures and configuration settings.

Multi-Network Oversight:

• Synchronize security postures across Unclassified (NIPR), Classified (SIPR), and Cloud/SaaS environments.
• Coordinate with cross-functional teams to ensure seamless identity management and credential interoperability.

The Ideal Candidate will be:

• Meticulous: You have an eye for detail, ensuring that a single misconfigured control doesn't compromise an entire assessment.
• Strategist: You can translate complex federal mandates into actionable technical requirements for engineering teams.
• Communicator: You are comfortable briefing Authorizing Officials (AOs) and stakeholders on risk posture and compliance gaps.

Qualifications

Required Education & Experience:

• Bachelors and nine (9) years or more experience; Masters and seven (7) years or more experience; may accept additional experience in lieu of degree.
• 8+ years in Cybersecurity, with at least 5 years specifically focused on PKI and Federal Governance (GRC).
• Deep understanding of X.509 certificates, HSMs (Hardware Security Modules), CRLs, and OCSP.
• Mastery of NIST SP 800-53, NIST SP 800-37 (RMF), FIPS 140-2/3, NIST SP 800-157 (Rev-1), NIST SP 800-63. and FedRAMP Moderate/High requirements.
• Proven track record of successfully taking a system through the full A&A (Assessment and Authorization) process to achieve an ATO.
• One or more certificate preferred: CISSP, CISM, or GSLC, ITIL, PMP, or specialized PKI certifications.

• Proficient in the following:

  • Identity Systems: Active Directory Certificate Services (ADCS), Entrust, or EJBCA.

  • Cloud Security: FedRAMP OSCAL, AWS/Azure Government Cloud security controls.

  • Tools: STIG Viewer, SCAP Compliance Checker, Nessus/ACAS, JIRA for CM.

  • Standards: FIPS 140-2/3, NIST SP 800-157 (PIV-I), NIST SP 800-63.

Required Clearance:

• US Citizenship.

• Active secret clearance with the ability to obtain a top secret clearance.