Architect, Microsoft Identity & Pki

Summary The role of the Microsoft Identity Architect / PKI is to design and lead enterprise-scale identity and PKI modernization initiatives, ensuring secure and scalable certificate lifecycle management. This individual leverages expertise in Microsoft Entra, Hybrid Join, and KeyFactor technologies to architect and automate identity and cryptographic solutions across complex environments. The role also provides technical leadership in advancing PKI strategies, including HSM integration and Post-Quantum Cryptography readiness.   Description The candidate must have hands-on experience with enterprise PKI modernization in large-scale environments.  They should be proficient in working with KeyFactor and KeyFactor Command for certificate lifecycle automation.  The role requires strong knowledge of Microsoft Entra and Hybrid Join capabilities within identity ecosystems.  The candidate must have practical experience with HSMs (onprem), CA/RA processes, and CRL/OCSP operations.  They should demonstrate awareness of PQC (PostQuantum Cryptography) and its impact on PKI modernization strategies    Qualifications   The candidate must have minimum of 2+ years of direct experience supporting or delivering enterprise PKI solutions.  They must have a proven ability to work with KeyFactor technologies and certificate management automation at scale.  The role requires strong expertise in Microsoft identity platforms, including Entra, Hybrid Join, Conditional Access, and passwordless authentication.  The candidate should have demonstrated experience providing technical leadership and architecture guidance in client-facing delivery engagements.  They must be capable of contributing to modernization initiatives involving HSM analysis, KeyFactor migration, and PQC roadmap activities.  Location This short term project-based role is a hybrid role in Atlanta, Baltimore or Washington DC.  To be considered for this position, candidates must reside in one of the following U.S. states to be able to commute into the office: DC, MD, VA, PA, DE, GA, TN, NC. Candidates residing outside these states are not eligible for consideration currently. Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa currently.