Microsoft PKI SME

Microsfot PKI SME (AD CS & Certificate Services) £700 - £750 P/D Inside IR35 3 months with scope to extend Fully remote Active SC would be advantageous Our client requires a Microsoft PKI Subject Matter Expert (SME) to assess, design, and optimise the organisation's Public Key Infrastructure (PKI) across on-premises and cloud environments. This role will focus on reviewing the existing certificate services landscape, identifying risks and gaps, and translating the current configuration into a secure, scalable, and repeatable design. The successful candidate will ensure PKI services support secure authentication, encryption, and compliance within a highly regulated and data-sensitive environment. Key Responsibilities Conduct a detailed assessment of the current PKI environment, including Certificate Authorities (CAs), certificate templates, and trust chains Document existing ("as-is") PKI architecture, configurations, and operational processes Identify security risks, misconfigurations, and lifecycle management gaps (e.g. expiry, revocation, weak templates) Design a target-state ("to-be") PKI architecture, including: Root and subordinate CA hierarchy Certificate enrolment and lifecycle processes High availability and resilience considerations Translate existing setup into a standardised, repeatable PKI design suitable for enterprise scale Configure and optimise Active Directory Certificate Services (AD CS) Support certificate-based authentication scenarios, including: User and device authentication Smartcards / passwordless authentication Integration with Active Directory and Microsoft Entra ID Enable secure certificate usage across services, including: TLS/SSL for applications and infrastructure Email encryption (S/MIME) VPN and wireless authentication Define and implement PKI governance, policies, and operational standards Ensure alignment with security frameworks and regulatory requirements (e.g. ISO27001, NIST, legal sector obligations) Provide clear documentation and knowledge transfer to operational teamsRequired Skills & Experience Strong hands-on experience with Microsoft PKI technologies, particularly Active Directory Certificate Services (AD CS) Proven experience in PKI design, implementation, and remediation Experience conducting PKI health checks and security assessments Strong knowledge of: Certificate lifecycle management (enrolment, renewal, revocation) Certificate templates and policies Cryptography fundamentals (keys, hashing, encryption) Experience with certificate-based authentication and identity integration Ability to translate complex environments into structured, repeatable designs Strong documentation and stakeholder communication skillsDesirable Experience Experience in highly regulated industries (legal, financial services, public sector) Exposure to cloud-integrated PKI, including: Microsoft Entra ID Intune (device certificate deployment) Knowledge of Zero Trust architecture principles Experience with PKI migration or modernisation programmes Familiarity with hardware security modules (HSMs)Key Deliverables Current-state PKI assessment report Risk and gap analysis with prioritised remediation plan Target-state PKI architecture and design documentation Standardised certificate management model Operational processes and governance framework Knowledge transfer and implementation guidanceProfile Highly detail-oriented with strong analytical capability Strong focus on security, trust, and risk reduction Comfortable operating as a standalone SME Able to work across infrastructure, security, and identity teams Strong communication skills, particularly in explaining complex PKI concepts to non-specialists