Microsoft Active Directory Public Key Infrastructure (AD PKI) Expert
Position Summary:
We are seeking a Microsoft Active Directory Public Key Infrastructure (AD PKI) Expert for a short-term engagement to conduct a deep-dive discovery, analysis, and review of our existing PKI environment. The consultant will provide a detailed report on the current state, along with recommendations and options for migration, separation, and alternative on-premises or cloud-based architectures.
Key Responsibilities:
Deep-Dive PKI Discovery & Assessment:
Conduct a thorough review of the existing AD PKI infrastructure, including Certificate Authorities (CAs), Certificate Templates, CRL distribution, and Auto-Enrollment policies.
Analyze dependencies, security configurations, and compliance gaps.
Evaluate PKI integration with Active Directory, network services, and enterprise applications.
Analysis & Reporting:
Provide a detailed assessment report outlining the current PKI architecture, strengths, weaknesses, and risks.
Identify potential issues, security vulnerabilities, and areas for improvement.
Offer guidance on best practices for PKI security hardening and lifecycle management.
Migration & Separation Strategy:
Provide expert recommendations on PKI migration and separation strategies, considering:
Splitting PKI environments for multiple organizations or business units.
Migrating from on-premises to cloud-based PKI solutions (e.g., Microsoft Intune SCEP, AWS Private CA, or Azure Key Vault).
Transitioning from legacy PKI to a modern, scalable architecture.
Assess the impact of moving to cloud-native, hybrid, or third-party PKI solutions.
Future-State Architecture & Roadmap:
Design and present high-level architecture options tailored to business requirements.
Provide recommendations for governance, automation, and certificate lifecycle management.
Suggest enhancements for security, compliance, and resilience (e.g., HSM integration, CRL optimization, OCSP setup).
Qualifications & Skills:
Expert-level knowledge of Microsoft AD Certificate Services (AD CS), PKI design, implementation, and security best practices.
Experience with certificate lifecycle management, HSMs, and enterprise PKI solutions.
Strong understanding of certificate-based authentication, encryption, and digital signatures.
Hands-on experience in PKI migrations, separation strategies, and hybrid cloud PKI deployments.
Familiarity with cloud-based PKI alternatives, such as Microsoft Intune SCEP, AWS Private CA, or Azure Key Vault.
Experience with PowerShell scripting for automation of PKI-related tasks.
Knowledge of compliance frameworks (NIST, CIS, ISO 27001) and PKI security hardening techniques.
Relevant certifications (preferred): Microsoft Certified: Identity and Access Administrator, CISSP, CISM, or other security-related certifications.
Microsoft Active Directory Public Key Infrastructure (AD PKI) Expert
Position Summary:
We are seeking a Microsoft Active Directory Public Key Infrastructure (AD PKI) Expert for a short-term engagement to conduct a deep-dive discovery, analysis, and review of our existing PKI environment. The consultant will provide a detailed report on the current state, along with recommendations and options for migration, separation, and alternative on-premises or cloud-based architectures.
Key Responsibilities:
Deep-Dive PKI Discovery & Assessment:
Conduct a thorough review of the existing AD PKI infrastructure, including Certificate Authorities (CAs), Certificate Templates, CRL distribution, and Auto-Enrollment policies.
Analyze dependencies, security configurations, and compliance gaps.
Evaluate PKI integration with Active Directory, network services, and enterprise applications.
Analysis & Reporting:
Provide a detailed assessment report outlining the current PKI architecture, strengths, weaknesses, and risks.
Identify potential issues, security vulnerabilities, and areas for improvement.
Offer guidance on best practices for PKI security hardening and lifecycle management.
Migration & Separation Strategy:
Provide expert recommendations on PKI migration and separation strategies, considering:
Splitting PKI environments for multiple organizations or business units.
Migrating from on-premises to cloud-based PKI solutions (e.g., Microsoft Intune SCEP, AWS Private CA, or Azure Key Vault).
Transitioning from legacy PKI to a modern, scalable architecture.
Assess the impact of moving to cloud-native, hybrid, or third-party PKI solutions.
Future-State Architecture & Roadmap:
Design and present high-level architecture options tailored to business requirements.
Provide recommendations for governance, automation, and certificate lifecycle management.
Suggest enhancements for security, compliance, and resilience (e.g., HSM integration, CRL optimization, OCSP setup).
Qualifications & Skills:
Expert-level knowledge of Microsoft AD Certificate Services (AD CS), PKI design, implementation, and security best practices.
Experience with certificate lifecycle management, HSMs, and enterprise PKI solutions.
Strong understanding of certificate-based authentication, encryption, and digital signatures.
Hands-on experience in PKI migrations, separation strategies, and hybrid cloud PKI deployments.
Familiarity with cloud-based PKI alternatives, such as Microsoft Intune SCEP, AWS Private CA, or Azure Key Vault.
Experience with PowerShell scripting for automation of PKI-related tasks.
Knowledge of compliance frameworks (NIST, CIS, ISO 27001) and PKI security hardening techniques.
Relevant certifications (preferred): Microsoft Certified: Identity and Access Administrator, CISSP, CISM, or other security-related certifications.