Deadline Date: Wednesday 2 April 2025
Requirement: PKI Infrastructure Specialist
Location: Mons, BE
Full Time On-Site: Yes
Time On-Site: 100%
Total Scope of the request (hours): 1114
Required Start Date: 12 May 2025
End Contract Date: 31 December 2025
Required Security Clearance: NATO SECRET
Duties and Role:
PKI Strategy and Architecture Duties:
* Lead the design, implementation, and continuous improvement of enterprise PKI solutions, including Certificate Authorities (CAs), Registration Authorities (RAs), and Hardware Security Modules (HSMs).
* Define and enforce PKI security policies, standards, and best practices to align with NATO policy and industry requirements.
* Develop a strategic roadmap for PKI evolution, including cloud-based cryptographic services and post-quantum cryptography readiness.
* Proven ability to define and execute PKI strategies at an enterprise level.
* Strong analytical and problem-solving skills with a risk-based approach to security.
* Excellent communication skills to engage both technical and executive stakeholders.
* Experience in mentoring teams and driving security best practices across project teams.
Operational Duties
* Install, configure and maintain the day-to-day NATO wide PKI systems and components;
* Install, configure and maintain NATO PKI (NPKI) virtualized infrastructure;
* Install, configure and maintain NPKI networking components;
* Install, configure and maintain NPKI hardware infrastructure;
* Install, configure and maintain NPKI LDAP directory service and support HTTP service;
* Responsible for Enterprise Mobile Mobility configuration, integration, maintenance;
* Responsible for LDAP directory service configuration and maintenance;
* Responsible for Online Certificate Status Protocol (OCSP) and Time Stamp management;
* Responsible for Database maintenance, dedicated for NPKI;
* Responsible for Card Management System deployment, integration and day-to-day management;
* Responsible for Hardware Security Module (HSM) firmware upgrade and management;
* Responsible for the creation of PKI related guidance;
* Certificate Authority Log analysis, (Troubleshoot the system ALARM/ERRORS and monitor user activity);
* Support Smart Card enrolment and certificate creation process;
* Maintain the day-to-day operations /management /backup/restore of the PKI systems;
* Provide technical support and assistance to ITM Operating Authorities and NPKI-Mitigation project team;
* Provide 2nd and 3rd level technical support of CIS services to the NPKI customers;
* Designing of new PKI components;
* Responsible for the creation and maintenance of Standard Operating Procedures within the NPKI as part of modifications or additions to current capabilities;
* Documenting of all new PKI services;
* Installation and maintenance of NPKI components;
* Be flexible to work outside normal office hours in response to crises, operational requirements;
Specific Working Conditions: There may be the requirement to travel to different locations to support the customer's needs and to maintain NPKI environment. Local travel within Belgium may be required 1 x per month to Brussels/Braine L'Alleud.
Requirements
Skill, Knowledge & Experience:
* The candidate must have a currently active NATO SECRET security clearance
* Extensive knowledge of modern communication and Internet Protocol (IP) based networking technologies and systems including security aspects.
* 5 years extensive experience with PKI System development, design, management.
* Extensive knowledge of Information security and Cryptography (symmetric and asymmetric encryption, public key infrastructure (PKI) encryption, public key encryption, hash functions, digital signatures, digital certificates).
* Working knowledge of router and switches configuration.
* Practical experience in Windows Servers, RHEL and VMware system administration.
* Knowledge of the principles of computer and communications security, networking, and vulnerabilities of modern operating systems and applications.
* Experience with SQL database administration.
* Extensive experience in operating systems backup and restore.
* Practical experience in scripting (Python, Powershell).
* Practical experience in SSL, TLS, and OpenSSL.
Desirable Experience:
* VMware (VCA, VCP) and Linux RHEL system administration
* CISCO CCNA
* Microsoft Certified Solution Associate (MCSA).
* Microsoft Certified Solutions Expert (MCSE).
* Experience in development and implementation of computer security policies.