Job Specifications
Senior IT Security Engineer
Hybrid – Onsite in Tampa, FL (33607) 4 days/week
12-Month Contract with Potential for Extensions or Conversion
We are seeking an experienced Senior IT Security Engineer with deep hands-on expertise in Public Key Infrastructure (PKI) and Microsoft Certificate Management. This role will serve as the primary owner of the enterprise certificate services ecosystem, ensuring the security, reliability, and compliance of the organization’s digital identity infrastructure.
This engineer will architect, deploy, maintain, and optimize certificate management systems with an emphasis on Microsoft Active Directory Certificate Services (ADCS) and enterprise-wide certificate lifecycle automation. This is an engineering-level role—far beyond day-to-day certificate administration—requiring strong design, troubleshooting, security, and operational leadership skills.
Key Responsibilities
PKI Architecture & Engineering
Design, deploy, and maintain enterprise PKI environments, including two-tier PKI architecture, disaster recovery planning, and long-term platform roadmaps.
Install, configure, and manage Active Directory Certificate Services (ADCS), Network Device Enrollment Services (NDES), and supporting PKI components.
Integrate certificate management with Active Directory, Group Policy, and domain architecture to ensure automated, secure certificate enrollment.
Engineer certificate workflows for servers, endpoints, network devices, applications, and identity systems.
Certificate Lifecycle Management
Oversee the full lifecycle of enterprise certificates: issuance, renewal, revocation, auditing, and inventory.
Monitor certificate expiration and proactively address risks to prevent outages or service disruptions.
Collaborate closely with security, infrastructure, and application teams to ensure proper certificate implementation across platforms.
Automation, Monitoring & Operations
Design and implement automated workflows (e.g., PowerShell) to streamline certificate lifecycle processes and reduce manual work.
Track certificate usage, dependencies, and expiration across the environment, ensuring continuous operational stability.
Troubleshoot and resolve complex certificate-related issues across platforms, services, and applications.
Prepare for and respond to OS upgrades, platform shifts, migrations, and lifecycle changes impacting PKI.
Security, Compliance & Documentation
Develop, maintain, and enforce certificate policies, standards, and procedures.
Support internal and external audits; ensure compliance with frameworks such as NERC CIP, ISO 27001, and organizational governance.
Maintain comprehensive technical documentation, including architecture diagrams, standard operating procedures, and troubleshooting guides.
Provide guidance, knowledge sharing, and PKI best practices to IT and security stakeholders.
Required Qualifications
Proven hands-on experience with Microsoft Certificate Management / Active Directory Certificate Services (ADCS).
Strong knowledge of Active Directory, Group Policy, and domain architecture.
Demonstrated experience designing and deploying PKI environments from the ground up (not just managing existing systems).
Deep understanding of PKI fundamentals, TLS/SSL, certificate-based authentication, S/MIME, and Smart Cards.
Strong troubleshooting capabilities and experience resolving complex certificate issues across diverse systems.
Experience working within security-driven or regulated environments.
Excellent communication, documentation, and cross-team collaboration skills.
Preferred Qualifications
Experience in the Electric Utility industry or other regulated sectors.
Automation experience using PowerShell or similar scripting tools.
Familiarity with cloud-based certificate solutions such as Azure Key Vault, Intune, or cloud-hosted PKI.
Relevant certifications such as:
Microsoft Certified: Identity and Access Administrator
CISSP
Microsoft Security or Infrastructure Engineering certifications
Role Context
This position sits closely with the Security Team and plays a key role in maintaining secure authentication and encryption across the enterprise. After the initial architecture and deployment work, the role transitions into ongoing monitoring, documentation, research, and lifecycle planning for future upgrades and platform changes.
About the Company
Here at Brooksource, relationships are at the center of everything we do. Since 2000, we have established and maintained lasting relationships with our clients, consultants, and internal employees to create an unparalleled experience.
Brooksource is a trusted provider of Engineering & Technology solutions for Fortune 500 organizations, specializing in Experience-Driven Staffing, Professional Services, and our innovative Workforce Transformation program, Elevate. Leveraging our partnerships with Salesforce, AWS, Microsoft, ...
Know more