Security Consultant

Senior Security Consultant – PKI & Certificate Lifecycle (Entrust CSP)

• Location: Alberta/BC- (Remote)
• Contract Length: 5 to 6 months

We at Raise are hiring a Senior Security Consultant – PKI & Certificate Lifecycle (Entrust CSP) for one of our top clients. After establishing themselves as an industry leader, they’re now expanding their team to meet rising demand. We’re hiring right now; if you’re interested, apply below for your chance to join a great place to work.

Responsibilities:

PKI Architecture & Design

• Design and implement an enterprise on-prem PKI architecture, including an offline root CA and issuing CA hierarchy.
• Integrate Hardware Security Modules (HSM) for key protection and signing operations.
• Architect and deploy Entrust Certificate Services Platform (CSP).
• Develop PKI trust models supporting healthcare applications and identity systems.

Certificate Lifecycle Management (CLM)

• Implement automated certificate enrollment, renewal, revocation, and discovery workflows using Entrust CSP.
• Integrate CLM processes with Active Directory, network devices, and application platforms.
• Establish certificate governance frameworks, including inventory tracking and expiration monitoring.

Cryptography & Security Engineering

• Implement strong cryptographic standards (RSA, ECC, TLS 1.2/1.3).
• Perform key lifecycle management aligned to NIST standards.
• Support certificate usage for TLS, code signing, email encryption, and device authentication.

Healthcare & Government Compliance

• Align PKI controls with Government of Alberta security policies and Canadian healthcare regulations.
• Support audit readiness and compliance reporting related to cryptographic key management.

Migration & Modernization Initiatives

• Lead PKI modernization or migration initiatives, including migration to Entrust CSP.
• Conduct risk assessments and trust gap analysis across applications and infrastructure.

Security Operations & Documentation

• Develop PKI operational procedures, disaster recovery plans, and incident response playbooks.
• Produce architecture diagrams, certificate lifecycle workflows, and governance documentation.

Required Qualifications

• 10–15 years of IT/cybersecurity experience with 5+ years dedicated to enterprise PKI.
• Hands-on experience designing and implementing on-prem PKI.
• Strong experience with Entrust Certificate Services Platform (CSP).
• Expertise in cryptographic standards, PKI trust models, and certificate-based authentication.
• Experience integrating PKI with Active Directory, network/security appliances, and application platforms.

Preferred Qualifications

• Experience with Entrust nShield HSM or an equivalent.
• Familiarity with Microsoft ADCS and hybrid PKI architectures.
• Experience implementing certificate automation for DevOps/Kubernetes environments.
• Knowledge of post-quantum cryptography readiness strategies.

Certifications (Preferred)

• PKI/Product Certifications:
• Entrust PKI / Certificate Services Platform Certification
• Certified Encryption Specialist (ECES)

Cybersecurity Certifications (Preferred):

• CISSP
• CCSP
• CISM or CISA

Infrastructure/Security Certifications (Preferred):

• CCNP Security / CCIE Security
• CompTIA Security+ / CySA+

Core Skills & Competencies

• Deep hands-on PKI engineering and cryptographic architecture expertise.
• Strong understanding of identity trust frameworks and certificate-based authentication.
• Ability to design high-availability, scalable, and compliant PKI environments.
• Strong documentation and stakeholder communication skills.