Evaluation Criteria Description Job Title PKI Administrator / SME Skill Name Certificate Management / PKI Niche Skill Microsoft PKI Experience iGrade (i1-i6) I5 Grade (Optional) C1 Primary Skills – Knowledge on Fortanix Protegrity nCipher hashicorp vault – Practical and theoretical knowledge on PKI and cryptography including the leading standards (PKCS X509 PKIX ETSI ) (Must Have) – Hands-on familiarity with Microsoft Certificate Services and related components – Experience with certificate-enabled applications such as SSL/TLS S/MIME authentication EFS 802.1X Code Signing etc Understanding of cryptographic concepts: – symmetric/asymmetric cryptography secure hash digital signatures – HSM overview and SSL Offloading – Key Recovery and EFS recovery Process – Installation of CA/OCSP/Web enrollment Roles – Renewing CRLs and updating in it in CDP locations like HTTP and LDAP Assist in the design and deployment of upgrades as well as managing Secondary Skills – Working knowledge of Active Directory and its integration with Microsoft PKI (Good to have) – Good to have knowledge on Linux based PKI – Key Management Service – Amazon Web Services (AWS) Personal Qualities – Excellent written and verbal communication skills – Ability to multi-task prioritize coordinate work well under pressure and meet deadlines Key Responsibilities – Certificate Life Cycle Management – Issue Revoke Renew Certificate – Issuing Certificate for Internal and External service Application from the Internal or Public CA based on requirement – Communicate Stakeholders for renewal of certificate before Expiry – Steps/Assistance to create CSR – Assistance to Install certificate (on Microsoft servers basics(IIS certificate binding etc) – Responsible for providing monitoring ADCS Servers – Regular health check of CA servers – Monitoring CRL publishing dates – Annual Renewal of Root CA and Issuing CA certificates – Annual Publishing of Root CA CRL – Troubleshooting Certificate related errors like -Certificate Trust certificate validity incorrect Certificate Purpose incorrect hashing algorithm enrollment issues etc – Trouble Shooting CRL related issues- CRL publishing CRL verification check – Understanding on various method of generation of certificate requests and issuing certificate – To identify need of certificate in an application and educating the stake holder with the appropriate Certificate requirement (e.g.-suggesting Wildcard Multidomain etc certs depending on purpose ) – Addition/deletion/Modification of Certificate Template and setting up of permissions – Certificate Auto enrollment configuration in coordination with AD Team – CA server backup – Trouble Shooting P2 and P1 Issues Additional Remarks Ready to learn new tools/technologies/solutions as may be required by business. for consideration Education / Certifications / Trainings Degree in Computer Science Information Technology Information Services or similar Shift Timing 9×5 shift timings as per supported client with on call support