Senior Security Consultant – PKI & Certificate Lifecycle (Entrust CSP)

Senior Security Consultant – PKI & Certificate Lifecycle (Entrust CSP)

• Location: Alberta, BC – (Remote)
• Pay Rate: $120/hr
• Contract Length: 5 to 6 months

We at Raise are hiring a Senior Security Consultant – PKI & Certificate Lifecycle (Entrust CSP) for one of our top clients. After establishing themselves as an industry leader, they’re now expanding their team to meet rising demand. We’re hiring right now; if you’re interested, apply below for your chance to join a great place to work.

Responsibilities:

PKI Architecture & Design

• Design and implement an enterprise on-prem PKI architecture, including an offline root CA and issuing CA hierarchy.
• Integrate Hardware Security Modules (HSM) for key protection and signing operations.
• Architect and deploy Entrust Certificate Services Platform (CSP).
• Develop PKI trust models supporting healthcare applications and identity systems.

Certificate Lifecycle Management (CLM)

• Implement automated certificate enrollment, renewal, revocation, and discovery workflows using Entrust CSP.
• Integrate CLM processes with Active Directory, network devices, and application platforms.
• Establish certificate governance frameworks, including inventory tracking and expiration monitoring.

Cryptography & Security Engineering

• Implement strong cryptographic standards (RSA, ECC, TLS 1.2/1.3).
• Perform key lifecycle management aligned to NIST standards.
• Support certificate usage for TLS, code signing, email encryption, and device authentication.

Healthcare & Government Compliance

• Align PKI controls with Government of Alberta security policies and Canadian healthcare regulations.
• Support audit readiness and compliance reporting related to cryptographic key management.

Migration & Modernization Initiatives

• Lead PKI modernization or migration initiatives, including migration to Entrust CSP.
• Conduct risk assessments and trust gap analysis across applications and infrastructure.

Security Operations & Documentation

• Develop PKI operational procedures, disaster recovery plans, and incident response playbooks.
• Produce architecture diagrams, certificate lifecycle workflows, and governance documentation.

Required Qualifications

• 10–15 years of IT/cybersecurity experience with 5+ years dedicated to enterprise PKI.
• Hands-on experience designing and implementing on-prem PKI.
• Strong experience with Entrust Certificate Services Platform (CSP).
• Expertise in cryptographic standards, PKI trust models, and certificate-based authentication.
• Experience integrating PKI with Active Directory, network/security appliances, and application platforms.

Preferred Qualifications

• Experience with Entrust nShield HSM or an equivalent.
• Familiarity with Microsoft ADCS and hybrid PKI architectures.
• Experience implementing certificate automation for DevOps/Kubernetes environments.
• Knowledge of post-quantum cryptography readiness strategies.

Certifications (Preferred)

• PKI/Product Certifications:
• Entrust PKI / Certificate Services Platform Certification
• Certified Encryption Specialist (ECES)

Cybersecurity Certifications (Preferred):

• CISSP
• CCSP
• CISM or CISA

Infrastructure/Security Certifications (Preferred):

• CCNP Security / CCIE Security
• CompTIA Security+ / CySA+

Core Skills & Competencies

• Deep hands-on PKI engineering and cryptographic architecture expertise.
• Strong understanding of identity trust frameworks and certificate-based authentication.
• Ability to design high-availability, scalable, and compliant PKI environments.
• Strong documentation and stakeholder communication skills.

Looking for meaningful work? We can help!

Raise is an established hiring firm with over 65 years of experience. We believe strongly in making the world a better place through work, which is why we’re a certified B Corporation and donate 10% of our profits to charity.

We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/nonvisible disabilities.

We have a dedicated webpage for accommodations where you can learn more about what we offer and request accommodation: https://raise.jobs/accommodations/

In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or another job posting by Raise (or have any other questions), please contact us at +1 800-567-9675 or hello@raiserecruiting.com