PKI Engineer

Job Title: PKI Engineer

Duration: 13 months

Location: Remote

Must Have: previous client experience

Interview Process: 1 round 1 hour Panel interview

Role Overview

Capital One is seeking an experienced Cryptography / PKI Engineer to support its Data Protection and Cyber Technology organization. This role is focused on maintaining and operating enterprise cryptographic services while enabling senior SMEs to focus on large-scale initiatives, including Discover integration efforts.

The selected candidate will play a key role in “running the engine”—ensuring smooth day-to-day cryptographic operations across certificates, keys, and encryption services in a cloud-based environment.

Key Responsibilities

• Manage the full lifecycle of digital certificates and cryptographic keys

• Support PKI operations, including certificate issuance, renewal, revocation, and inventory

• Manage internal and external certificates, symmetric keys, and PGP keys

• Work with AWS cryptographic services such as:

o AWS Key Management Service (KMS)

o AWS S3 encryption

o AWS Private Certificate Authority

o AWS CloudHSM

• Support certificate discovery, inventory, and remediation activities

• Handle operational tickets and project work using JIRA

• Collaborate with software engineers to troubleshoot internally built security tools

• Communicate cryptographic concepts clearly to non-technical stakeholders

• Participate in post-quantum cryptography (PQC) exploration and testing initiatives as needed

Required Qualifications

• Minimum 4+ years of overall IT experience

• At least 2+ years of hands-on PKI / cryptography experience

• Strong understanding of:

o Public Key Infrastructure (PKI)

o Encryption concepts and key management

o Certificate authorities and trust chains

• Experience working in AWS cloud environments

• Familiarity with Hardware Security Modules (HSMs) (AWS CloudHSM, Thales, nCipher, or similar)

• Ability to work independently in a large enterprise environment

• Strong communication skills and ability to explain complex crypto concepts clearly

Preferred Qualifications

• Experience with Python or Java (development or strong conceptual understanding)

• Scripting experience (Python, Bash, PowerShell, etc.)

• Prior experience in large enterprise or financial services environments

• Exposure to post-quantum cryptography or emerging encryption standards

Team & Environment

• Part of the Crypto Services organization within Capital One’s Cyber Technology group

• Team members primarily based in Richmond, McLean, and New York (remote work supported)

• Work is a mix of business-as-usual operations and project-based initiatives

• No on-call or after-hours support required (hourly role)