PKI Subject Matter Expert

Enforces application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.

• Collect client requirements for functionality and performance of PQC PIV card implementation.

• Identify available vendor and open-source solutions for PQC PIV card implementations.

• Analyze available offerings for applicability to client requirements. Author documentation (White papers, briefings, etc.) discussing pros and cons to solutions.

• Design and implement POCs using best-suited vendor tools for PQC PIC card implementations including interoperability with existing identity systems and hardware.

• Construct detailed PQC migration plans for client PIV card systems.

• Writes comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.

• Identifies additional application security related tools, conducts tool analysis, and provides recommendations on what tools will enhance security protocols.

• Performs and conducts penetration tests and manual/automated code reviews.

• Creates and delivers training developers and other relevant team members on Secure Code Development as well as other security protocols.

• Designs, develops or recommends integrated system solutions ensuring proprietary/confidential data and systems are protected.

Minimum Qualifications

• Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master's Degree preferred.

• 8-15 years of experience as an Application Security Developer, Application Security Analyst, or equivalent.

Other Job Specific Skills

• Experience in designing, implementing, and managing PKI systems with a focus on PIV card infrastructure.

• Knowledge of cryptographic standards, principles, protocols, and algorithms.

• Understanding of post-quantum cryptographic (PQC) protocols and upcoming NIST standards.

• Strong understanding of federal guidelines and regulations concerning PIV card authentication and access control. (i.e., NIST SP 800-73, FIPS 201, etc.).

• Proficiency in configuring and troubleshooting PIV card hardware and software including middleware, card readers, and management tools.

• Experience with scripting and/or programming languages for integration and automation testing.

• Experience with PKI software and tools such as OpenSSL.

• Experience in operating in cloud environments such as Azure, AWS, or Google Cloud Platform.