Microsfot PKI SME (AD CS & Certificate Services)

£700 - £750 P/D Inside IR35

3 months with scope to extend

Fully remote

Active SC would be advantageous

Our client requires a Microsoft PKI Subject Matter Expert (SME) to assess, design, and optimise the organisation's Public Key Infrastructure (PKI) across on-premises and cloud environments.
This role will focus on reviewing the existing certificate services landscape, identifying risks and gaps, and translating the current configuration into a secure, scalable, and repeatable design. The successful candidate will ensure PKI services support secure authentication, encryption, and compliance within a highly regulated and data-sensitive environment.

Key Responsibilities

• Conduct a detailed assessment of the current PKI environment, including Certificate Authorities (CAs), certificate templates, and trust chains
• Document existing ("as-is") PKI architecture, configurations, and operational processes
• Identify security risks, misconfigurations, and life cycle management gaps (eg expiry, revocation, weak templates)
• Design a target-state ("to-be") PKI architecture, including:
• Root and subordinate CA hierarchy
• Certificate enrolment and life cycle processes
• High availability and resilience considerations
• Translate existing setup into a standardised, repeatable PKI design suitable for enterprise scale
• Configure and optimise Active Directory Certificate Services (AD CS)
• Support certificate-based authentication scenarios, including:
• User and device authentication
• Smartcards/passwordless authentication
• Integration with Active Directory and Microsoft Entra ID
• Enable secure certificate usage across services, including:
• TLS/SSL for applications and infrastructure
• Email encryption (S/MIME)
• VPN and wireless authentication
• Define and implement PKI governance, policies, and operational standards
• Ensure alignment with security frameworks and regulatory requirements (eg ISO27001, NIST, legal sector obligations)
• Provide clear documentation and knowledge transfer to operational teams

Required Skills & Experience

• Strong hands-on experience with Microsoft PKI technologies, particularly Active Directory Certificate Services (AD CS)
• Proven experience in PKI design, implementation, and remediation
• Experience conducting PKI health checks and security assessments
• Strong knowledge of:
• Certificate life cycle management (enrolment, renewal, revocation)
• Certificate templates and policies
• Cryptography fundamentals (keys, hashing, encryption)
• Experience with certificate-based authentication and identity integration
• Ability to translate complex environments into structured, repeatable designs
• Strong documentation and stakeholder communication skills

Desirable Experience

• Experience in highly regulated industries (legal, financial services, public sector)
• Exposure to cloud-integrated PKI, including:
• Microsoft Entra ID
• Intune (device certificate deployment)
• Knowledge of Zero Trust architecture principles
• Experience with PKI migration or modernisation programmes
• Familiarity with hardware security modules (HSMs)

Key Deliverables

• Current-state PKI assessment report
• Risk and gap analysis with prioritised remediation plan
• Target-state PKI architecture and design documentation
• Standardised certificate management model
• Operational processes and governance framework
• Knowledge transfer and implementation guidance

Profile

• Highly detail-oriented with strong analytical capability
• Strong focus on security, trust, and risk reduction
• Comfortable operating as a standalone SME
• Able to work across infrastructure, security, and identity teams
• Strong communication skills, particularly in explaining complex PKI concepts to non-specialists