Design and implement scalable, secure AD and LDAP directory services for global enterprise environments.
Integrate AD/LDAP and PKI with cloud identity platforms such as Azure AD, AWS IAM, and MFA solutions (e.g., security key, passkey).
Perform regular maintenance, health checks, and performance tuning of AD, LDAP, and PKI systems.
Ensure high availability and disaster recovery readiness for identity infrastructure.
Troubleshoot complex issues including replication, authentication failures, and certificate errors.
Architect and manage internal PKI infrastructure including CA, RA, CRL, OCSP, and HSM integrations.
Define trust strategies and governance models for Certification Authorities (CAs).
Develop and maintain Certificate Policy and Certificate Practice Statements (CP/CPS).
Deploy and operate enterprise-grade PKI solutions including Microsoft ADCS and third-party platforms (e.g., DigiCert, Keyfactor, Venafi).
Implement certificate lifecycle management (CLM) processes including issuance, renewal, revocation, and automation.
Support application integrations for TLS/SSL, S/MIME, 802.1x, Smartcards, and Code Signing.
Ensure secure key creation, storage, and usage aligned with cryptographic standards and compliance requirements.
Develop automation scripts using PowerShell, Python, or Ansible for identity and certificate operations.
Integrate PKI and credential management into CI/CD pipelines and DevSecOps workflows.
Understanding of IAM solutions including SSO, MFA, and role-based access control.
Work with federation protocols (SAML, OAuth, OpenID Connect) and tools like ADFS, Keycloak, PingFederate.
Align identity and certificate services with ISO 27001, SOC 2, NIST, and GDPR frameworks.
Support internal and external audits with documentation, logs, and remediation plans.
Track and report service metrics, SLAs, KPIs, and KRIs for operational excellence.
Collaborate with global teams including IAM, Infrastructure, Security, and Application owners.
Provide excellent customer service to users and internal stakeholders.
Contribute to change management and documentation using ITSM tools.
Mentor team members and lead cross-functional technical initiatives.

5-7 years of experience in enterprise IT infrastructure with specialization in AD, LDAP, and PKI.
Strong understanding of AD core concepts: FSMO roles, OU structure, GPOs, replication, RODCs, schema, and security.
Hands-on experience with Microsoft ADCS and PKI components: Root CA, Issuing CA, OCSP, CRLs, SCEP/NDES.
Experience with LDAP directories (OpenLDAP, Oracle Directory Services) and integration with enterprise systems.
Proficiency in scripting (PowerShell, Python) and automation tools (Ansible, Terraform).
Familiarity with certificate deployment across platforms: Windows, Linux/Unix, Apache, Tomcat, Java Keystore, F5, Azure Key Vault.
Working knowledge of ITIL framework (Incident, Change, Problem Management).
Prior experience with service management tools (e.g., ServiceNow, Remedy).
Strong analytical and problem-solving skills with ability to resolve high-impact production incidents.
Experience working with global teams and customers.
Microsoft certifications (e.g., Azure cloud and security certifications).
Experience with cloud-native identity platforms (HYPR, Azure AD, AWS IAM).
Familiarity with PAM tools.
Experience with containerized environments and Kubernetes certificate management.
Understanding of cryptographic algorithms (symmetric/asymmetric), digital signatures, and key management.
Interprets internal/external business challenges and recommends best practices to improve products, processes or services.
Has a good understanding of industry-standard frameworks (NIST, CIS, etc.).
May lead functional teams or projects with moderate resource requirements, risk, and/or complexity.