Senior Microsoft PKI & AD CS Architect (Contract)

Company: VE3
Apply for the Senior Microsoft PKI & AD CS Architect (Contract)
Location: Maidenhead
Job Description:

Job Title

Microsoft PKI / AD CS Specialist

Location

Maidenhead, United Kingdom

Position Type

Freelance/Contract

Experience Level

5 years.

Role Purpose

We are looking for an experienced Microsoft PKI / AD CS Specialist to assess, design and support implementation of an on-premise certificate lifecycle management solution for a Microsoft-based enterprise environment.

Key Responsibilities

Current-State PKI Assessment

  • Review the existing on-premise Microsoft CA / AD CS configuration.
  • Assess CA hierarchy, root/intermediate CA design, issuing CA configuration and certificate policies.
  • Review certificate templates, issuance permissions, auto-enrolment settings and approval workflows.
  • Assess CRL, OCSP, revocation checking and certificate chain availability.
  • Review current server certificate usage across domain-joined, internal, SQL/SSRS and DMZ/workgroup servers.
  • Identify current risks, gaps and improvement areas in certificate lifecycle management.

Target PKI Architecture

  • Design a secure and supportable Microsoft PKI / AD CS target architecture.
  • Define certificate templates for internal server authentication, SQL Server, SSRS, application portals and internal HTTPS endpoints.
  • Define certificate validity periods, renewal periods, key lengths, algorithms, SAN naming standards and subject naming conventions.
  • Define auto-enrolment patterns for domain-joined Windows servers.
  • Define secure issuance and renewal options for non-domain-joined DMZ/workgroup servers.
  • Recommend whether the existing CA can be reused, remediated or whether additional configuration is required.
  • Produce practical design documentation suitable for infrastructure, security and operations teams.

Certificate Lifecycle and Automation

  • Define certificate request, approval, issuance, deployment, renewal and revocation processes.
  • Design GPO-based certificate auto-enrolment where appropriate.
  • Advise on scripted or manual certificate issuance patterns where auto-enrolment is not suitable.
  • Define monitoring and alerting requirements for expiring certificates.
  • Support integration with operational processes, including change management, CAB, maintenance windows and service validation.
  • Advise on whether third-party certificate lifecycle tools are required or whether native Microsoft capabilities are sufficient.

Security and Compliance

  • Ensure the PKI design aligns with security best practice and audit expectations.
  • Define auditable controls for certificate issuance, renewal, revocation and administrative access.
  • Support ISO 27001-style evidence requirements, including proof that certificates are monitored, renewed and controlled.
  • Identify and document risks associated with self-signed certificates, public wildcard certificate reuse, weak cryptography, unmanaged certificates and orphaned certificate owners.
  • Produce an exception handling model for systems that cannot follow the standard certificate lifecycle process.

Proof of Concept and Implementation Support

  • Lead or support a PoC using selected non-production servers.
  • Validate certificate enrolment and renewal for domain-joined servers.
  • Support testing of certificate bindings for internal web services, SQL Server and SSRS.
  • Validate trust chains, certificate stores, CRL accessibility and service connectivity.
  • Produce implementation runbooks and operational handover materials.
  • Support production rollout planning, including change records, test plans, rollback/fix-forward approach and post-change validation.

Required Skills and Experience

  • Microsoft AD CS – Strong experience designing, configuring or assessing Microsoft Active Directory Certificate Services.
  • Windows PKI – Strong understanding of PKI concepts, certificate chains, root/intermediate CAs, revocation, CRLs, OCSP and certificate templates.
  • Active Directory – Strong understanding of AD, GPOs, domain-joined servers, permissions and security groups.
  • Auto-enrolment – Practical experience with certificate auto-enrolment using Group Policy.
  • Certificate templates – Ability to design and secure templates for server authentication and internal TLS use cases.
  • Windows Server – Strong knowledge of certificate stores, service bindings and Windows Server security.
  • Internal TLS – Experience securing internal server-to-server communication using CA-issued certificates.
  • DMZ/workgroup servers – Experience designing certificate processes for non-domain-joined or isolated servers.
  • Security governance – Familiarity with audit, evidence, vulnerability scanning and ISO 27001-style control expectations.
  • Documentation – Ability to produce clear architecture, assessment, runbook and operational documentation.

Desirable Skills

  • Experience with SQL Server and SSRS certificate requirements.
  • Experience with IIS certificate bindings.
  • Experience with load balancers, reverse proxies or DMZ certificate patterns.
  • Experience with certificate lifecycle management tools.
  • PowerShell scripting experience for certificate inventory, reporting or automation.
  • Experience working in regulated, public sector or security-conscious environments.
  • Knowledge of Entra ID application certificates and secrets would be useful, but is not the primary focus of this role.
  • Experience supporting CAB/change-controlled production environments.

#J-18808-Ljbffr…

Posted: May 27th, 2026
Popular Searches
Jobs by Sector
Jobs by Location

Admin jobs | Airport jobs | Amazon Driver jobs | Amazon Warehouse Operative jobs | Apprentice Electrician jobs | Apprenticeship jobs | Bricklaying jobs | Business Analyst jobs | Business Development Manager jobs | Care Assistant jobs | Care Home jobs | Caregiver jobs | Civil Service jobs | Class 1 Driver jobs | Cleaner jobs | Cleaning jobs | Council jobs | Cyber Security jobs | Data Analyst jobs | Data Entry jobs | Data Scientist jobs | Delivery Driver jobs | Digital Marketing jobs | Driver jobs | Driving jobs | Electrician jobs | Graphic Designer jobs | Healthcare Assistant jobs | HGV Class 2 Driver jobs | HGV Driver jobs | HGV jobs | HGVClass 1 Driver jobs | Hospital jobs | Housing jobs | Immediate Start jobs | It Consultant jobs | It Support jobs | Jobs for 16 Year Olds | Joiner jobs | Labourer jobs | Management jobs | NHS jobs | Night Shift jobs | Offshore jobs | Online jobs | Paralegal jobs | Personal Assistant jobs | Project Manager jobs | Receptionist jobs | Sales Assistant jobs | Scrum Master jobs | Security Guard jobs | Security jobs | Security Officer jobs | SEO jobs | Support Worker jobs | Teaching Assistant jobs | Van Driver jobs | Warehouse jobs | Warehouse Operative jobs | Web Designer jobs | Weekend jobs | Work From Home jobs

Accountancy jobs | Administration jobs | Advertising jobs | Aerospace jobs | Apprenticeships jobs | Automotive jobs | Banking jobs | Call Centre jobs | Catering jobs | Charity jobs | Construction jobs | Creative jobs | Customer Service jobs | Digital jobs | Education jobs | Engineering jobs | Finance jobs | FMCG jobs | Graduate jobs | Healthcare jobs | Hospitality jobs | HR jobs | Insurance jobs | IT jobs | Legal jobs | Leisure jobs | Logistics jobs | Management Consultancy jobs | Manufacturing jobs | Marketing jobs | Media jobs | Nursing jobs | Oil and Gas jobs | PA jobs | Part time jobs | Pharmaceutical jobs | PR jobs | Property jobs | Public Sector jobs | Recruitment Sales jobs | Renewable Energy jobs | Retail jobs | Sales jobs | Science jobs | Secretarial jobs | Senior Appointments jobs | Social Work jobs | Teaching jobs | Telecoms jobs | Temporary jobs | Tourism jobs | Transport jobs | Travel jobs | Utilities jobs | Wholesale jobs

Jobs in Aberdeen | Jobs in Belfast | Jobs in Birmingham | Jobs in Bolton | Jobs in Bournemouth | Jobs in Bradford | Jobs in Bristol | Jobs in Cambridge | Jobs in Cardiff | Jobs in Cornwall | Jobs in Coventry | Jobs in Derby | Jobs in Devon | Jobs in Doncaster | Jobs in Dundee | Jobs in East Anglia | Jobs in East Midlands | Jobs in Edinburgh | Jobs in Essex | Jobs in Exeter | Jobs in Glasgow | Jobs in Hull | Jobs in Inverness | Jobs in Ipswich | Jobs in Isle Of Wight | Jobs in Kent | Jobs in Leeds | Jobs in Leicester | Jobs in Liverpool | Jobs in London | Jobs in Luton | Jobs in Manchester | Jobs in Middlesbrough | Jobs in Milton Keynes | Jobs in Newcastle Upon Tyne | Jobs in Newport, Gwent | Jobs in North East | Jobs in North West | Jobs in Northampton | Jobs in Northern Ireland | Jobs in Norwich | Jobs in Nottingham | Jobs in Peterborough | Jobs in Plymouth | Jobs in Reading | Jobs in Scotland | Jobs in Sheffield | Jobs in South East | Jobs in South West | Jobs in Southampton | Jobs in Stoke On Trent | Jobs in Sunderland | Jobs in Surrey | Jobs in Swansea | Jobs in Swindon | Jobs in Telford | Jobs in Wales | Jobs in Wolverhampton | Jobs in Wrexham | Jobs in York | Jobs in Yorkshire