PKI/SSH Engineer

PKI/SSH Engineer

We are currently recruiting for a PKI/SSH Engineer with Kubernetes experience to join one of our Insurance clients on a 6-month contract

Inside IR35/Hybrid

Experience Required:

• Extensive hands-on experience as a PKI Engineer, SSH Engineer, operating Venafi PKI, CLM and Venafi SSH Manager (Trust Protection Platform) in an enterprise environment.
• Strong Kubernetes experience
• Strong understanding of CA hierarchies, certificate chains, X.509, CRLs, OCSP, mTLS, and TLS configurations.
• Experience integrating PKI/SSH services with Azure Key Vault, AWS KMS, OpenSSH, Kubernetes and service mesh certificate architectures (mTLS, SPIFFE/SPIRE style identities).
• Proficiency with Scripting and automation (Python, PowerShell, Bash, Go, JSON) and IaC tools (Azure DevOps, Terraform, Ansible).
• Experience modernising TLS certificate and SSH key management processes, uplifting protocol versions, and improving trust configurations.
• Knowledge SSH tooling, including OpenSSL, OpenSSH, and Cloud Provider TLS/CA integrations and KMS APIs.
• Experience migrating from long-lived SSH keys to SSH CA certificate based authentication.
• Experience implementing workload identity across cloud platforms using certificates or cloud KMS.
• Strong understanding of NIST/FIPS standards and relevant IETF RFCs for PKI, TLS, and SSH.
• Knowledge of crypto-agility strategies, and CA agility patterns.

If this role is of interest and would like to know more, please apply now!

Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy.