Microsoft PKI SME

Microsfot PKI SME (AD CS & Certificate Services) £700 - £750 P/D Inside IR35 3 months with scope to extend Fully remote Active SC would be advantageous Our client requires a Microsoft PKI Subject Matter Expert (SME) to assess, design, and optimise the organisation's Public Key Infrastructure (PKI) across on-premises and cloud environments. This role will focus on reviewing the existing certificate services landscape, identifying risks and gaps, and translating the current configuration into a secure, scalable, and repeatable design. The successful candidate will ensure PKI services support secure authentication, encryption, and compliance within a highly regulated and data-sensitive environment. Key Responsibilities • Conduct a detailed assessment of the current PKI environment, including Certificate Authorities (CAs), certificate templates, and trust chains • Document existing ("as-is") PKI architecture, configurations, and operational processes • Identify security risks, misconfigurations, and lifecycle management gaps (e.g. expiry, revocation, weak templates) • Design a target-state ("to-be") PKI architecture, including: • Root and subordinate CA hierarchy • Certificate enrolment and lifecycle processes • High availability and resilience considerations • Translate existing setup into a standardised, repeatable PKI design suitable for enterprise scale • Configure and optimise Active Directory Certificate Services (AD CS) • Support certificate-based authentication scenarios, including: • User and device authentication • Smartcards / passwordless authentication • Integration with Active Directory and Microsoft Entra ID • Enable secure certificate usage across services, including: • TLS/SSL for applications and infrastructure • Email encryption (S/MIME) • VPN and wireless authentication • Define and implement PKI governance, policies, and operational standards • Ensure alignment with security frameworks and regulatory requirements (e.g. ISO27001, NIST, legal sector obligations) • Provide clear documentation and knowledge transfer to operational teams Required Skills & Experience • Strong hands-on experience with Microsoft PKI technologies, particularly Active Directory Certificate Services (AD CS) • Proven experience in PKI design, implementation, and remediation • Experience conducting PKI health checks and security assessments • Strong knowledge of: • Certificate lifecycle management (enrolment, renewal, revocation) • Certificate templates and policies • Cryptography fundamentals (keys, hashing, encryption) • Experience with certificate-based authentication and identity integration • Ability to translate complex environments into structured, repeatable designs • Strong documentation and stakeholder communication skills Desirable Experience • Experience in highly regulated industries (legal, financial services, public sector) • Exposure to cloud-integrated PKI, including: • Microsoft Entra ID • Intune (device certificate deployment) • Knowledge of Zero Trust architecture principles • Experience with PKI migration or modernisation programmes • Familiarity with hardware security modules (HSMs) Key Deliverables • Current-state PKI assessment report • Risk and gap analysis with prioritised remediation plan • Target-state PKI architecture and design documentation • Standardised certificate management model • Operational processes and governance framework • Knowledge transfer and implementation guidance Profile • Highly detail-oriented with strong analytical capability • Strong focus on security, trust, and risk reduction • Comfortable operating as a standalone SME • Able to work across infrastructure, security, and identity teams • Strong communication skills, particularly in explaining complex PKI concepts to non-specialists