Microsoft PKI SME

Microsfot PKI SME (AD CS & Certificate Services)

£700 - £750 P/D Inside IR35

3 months with scope to extend

Fully remote

Active SC would be advantageous

Our client requires a Microsoft PKI Subject Matter Expert (SME) to assess, design, and optimise the organisation's Public Key Infrastructure (PKI) across on-premises and cloud environments.
This role will focus on reviewing the existing certificate services landscape, identifying risks and gaps, and translating the current configuration into a secure, scalable, and repeatable design. The successful candidate will ensure PKI services support secure authentication, encryption, and compliance within a highly regulated and data-sensitive environment.

Key Responsibilities

Conduct a detailed assessment of the current PKI environment, including Certificate Authorities (CAs), certificate templates, and trust chains
Document existing ("as-is") PKI architecture, configurations, and operational processes
Identify security risks, misconfigurations, and lifecycle management gaps (e.g. expiry, revocation, weak templates)
Design a target-state ("to-be") PKI architecture, including:
Root and subordinate CA hierarchy
Certificate enrolment and lifecycle processes
High availability and resilience considerations
Translate existing setup into a standardised, repeatable PKI design suitable for enterprise scale
Configure and optimise Active Directory Certificate Services (AD CS)
Support certificate-based authentication scenarios, including:
User and device authentication
Smartcards / passwordless authentication
Integration with Active Directory and Microsoft Entra ID
Enable secure certificate usage across services, including:
TLS/SSL for applications and infrastructure
Email encryption (S/MIME)
VPN and wireless authentication
Define and implement PKI governance, policies, and operational standards
Ensure alignment with security frameworks and regulatory requirements (e.g. ISO27001, NIST, legal sector obligations)
Provide clear documentation and knowledge transfer to operational teamsRequired Skills & Experience

Strong hands-on experience with Microsoft PKI technologies, particularly Active Directory Certificate Services (AD CS)
Proven experience in PKI design, implementation, and remediation
Experience conducting PKI health checks and security assessments
Strong knowledge of:
Certificate lifecycle management (enrolment, renewal, revocation)
Certificate templates and policies
Cryptography fundamentals (keys, hashing, encryption)
Experience with certificate-based authentication and identity integration
Ability to translate complex environments into structured, repeatable designs
Strong documentation and stakeholder communication skillsDesirable Experience

Experience in highly regulated industries (legal, financial services, public sector)
Exposure to cloud-integrated PKI, including:
Microsoft Entra ID
Intune (device certificate deployment)
Knowledge of Zero Trust architecture principles
Experience with PKI migration or modernisation programmes
Familiarity with hardware security modules (HSMs)Key Deliverables

Current-state PKI assessment report
Risk and gap analysis with prioritised remediation plan
Target-state PKI architecture and design documentation
Standardised certificate management model
Operational processes and governance framework
Knowledge transfer and implementation guidanceProfile

Highly detail-oriented with strong analytical capability
Strong focus on security, trust, and risk reduction
Comfortable operating as a standalone SME
Able to work across infrastructure, security, and identity teams
Strong communication skills, particularly in explaining complex PKI concepts to non-specialists
Only candidates based in UK and eligible to work in UK are allowed