PKI Engineer (Cybersecurity Technical Staff 3/4)

What You Will Do

This position will be filled at either the Cybersecurity Technical Staff 3/4 level, depending on the skills of the selected candidate. Additional job responsibilities (outlined below) will be assigned if the candidate is hired at the higher level.

The Infrastructure Services Division (ISD) invites you to Join our dynamic team as a senior- PKI Engineer (Cybersecurity Technical Staff). You will design, build, and administer LANL's PKI servers and related institutional services. You will be responsible for the operational monitoring of these systems to adhere to LANL's cyber security programs. As a PKI systems administration you will routinely patch the operating systems and applications that support LANL enterprise and business systems in both classified and unclassified environments. You will assist with projects including researching and recommending solutions to keep up the latest requirements and needs of the business. You will interact and collaborate with other DOE sites (e.g., LLNL, SNL, HQ, etc.) on PKI and identity management hardware and software solutions and participate on DOE-wide working groups.

Cybersecurity Technical Staff 3 ($112,000 - $186,700)

On any given day, you may be asked to:
  • Install, configure, and maintain new and existing operating systems in Windows physical and virtual environments.
  • Support the design, build, and deployment of enterprise PKI systems and ensure PKI systems comply with and adhere to industry best practices and NIST standards.
  • Develop and maintain documentation that describes system installation and configuration and other procedures, as well as developing scripts to automate reoccurring tasks.
  • Research and recommend innovative and automated approaches for performing system administration tasks and PKI upgrades.
  • Perform regular system monitoring, verify the integrity and availability of all hardware, server resources, systems, and key processes.
  • Apply OS patches and upgrades on a regular basis and upgrade administrative tools and utilities. Configure and add new services as necessary.
  • Develop and verify system backup procedures and ensure that all required file systems and data are successfully backed up to appropriate media. Verify the ability to recover systems and data from backup copies.

Cybersecurity Technical Staff 4 ($135,500 - $227,700)

In addition to what was outlined at the lower level, at this level you may be asked to:
  • Perform regular security monitoring to identify possible vulnerabilities or intrusion attempts.
  • Mentor and coach team members.

What You Need

Minimum Job Requirements
  • Knowledge of modern Windows operating systems.
  • Experience with PKI, asymmetric cryptography, and an understand of the principles of PKI, it's applications, and certificate lifecycle management.
  • Demonstrated proficiency writing scripting languages (such as Windows PowerShell, Python, Perl or other relevant scripting languages).
  • Demonstrated knowledge of PKI technology for identity and credential issuance, including credential validations services: local Certification Revocation Lists (CRL) and Online Certificate Status Protocol (OCSP).
  • Knowledge of token/MFA authentication methods, digital signature and encryption on desktops and integration on mobile devices.
  • Experience with commercial Certificate Authority providers, such as Entrust.

Additional Job Requirements for the Higher Level

In addition to the requirements outlined above, qualification at the higher level requires:
  • Demonstrated ability to successfully plan, design, document, lead and implement complex technical projects. Demonstrated ability to utilize Enterprise Architecture tools to aide in requirements gathering, designing solutions, and process management.
  • Proven experience designing and architecting robust PKI infrastructures and leading team projects.

Education/Experience at lower level Position requires a Bachelor's Degree in a technical field and a minimum of 8 years related experience; or, an equivalent combination of education and experience directly related to the occupation. At this level post graduate work may be expected.

Education/Experience at higher level: Position requires a Bachelor's Degree in a technical field and a minimum of 12 years' related experience, or an equivalent combination of education and experience. At this level post graduate work may be expected

Desired Qualifications:
  • Experience with virtual infrastructure including VMs, Hypervisors, containers, and related technologies.
  • Demonstrated effective verbal and written communication skills and policy writing.
  • MCSE or CompTIA CASP+ certifications
  • Experience in computer and web security and authentication concepts.
  • Experience identifying, promoting, and developing new technical capabilities.
  • Demonstrated ability to initiate, design and lead technical efforts independently or in a collaboration environment.
  • Demonstrated experience with vulnerability management and tools for performing vulnerability assessments.
  • Experience mentoring and coaching others.

Essential Job Functions (can perform with or without reasonable accommodation): Reaching overhead, reaching horizontally, reaching down, climbing a ladder, operating a motor vehicle, replacing servers, typing, gripping with the hands, the ability to lift up to 30 lbs, and replacing various systems equipment.

Work Environment:

Work Location: The work location for this position is hybrid and is located in Los Alamos, NM. Hybrid is defined as working partially onsite/partially offsite but within 2 hours ground commute of this location. All work locations are at the discretion of management and can change at any time with appropriate notice.

Position commitment: Regular appointment employees are required to serve a period of continuous service in their current position in order to be eligible to apply for posted jobs throughout the Laboratory. If an employee has not served the time required, they may only apply for Laboratory jobs with the documented approval of their Division Leader. The position commitment for this position is 1 year.

Note to Applicants:

Please submit a comprehensive cover letter that details how you meet the minimum requirements and desired qualifications for this role..

Work Schedule: This position may require working non-core business hours and occasionally nights and weekends.

Where You Will Work

Located in beautiful northern New Mexico, Los Alamos National Laboratory (LANL) is a multidisciplinary research institution engaged in strategic science on behalf of national security. Our generous benefits package includes:
  • PPO or High Deductible medical insurance with the same large nationwide network
  • Dental and vision insurance
  • Free basic life and disability insurance
  • Paid maternity and parental leave
  • Award-winning 401(k) (6% matching plus 3.5% annually)
  • Learning opportunities and tuition assistance
  • Flexible schedules and time off (paid sick, vacation, and holidays)
  • Onsite gyms and wellness programs
  • Extensive relocation packages (outside a 50 mile radius)
Additional Details

Directive 206.2 - Employment with Triad requires a favorable decision by NNSA indicating employee is suitable under NNSA Supplemental Directive 206.2. Please note that this requirement applies only to citizens of the United States. Foreign nationals are subject to a similar requirement under DOE Order 142.3A.

Clearance: Q (Position will be cleared to this level). Selected applicants will be subject to a background investigation conducted by or on behalf of the Federal Government, and must meet eligibility requirements* for access to classified matter. This position requires a Q clearance. and obtaining such clearance requires US Citizenship except in extremely rare circumstances. Dependent upon the position, additional authorization to access classified information may be required, which may or may not be available to dual citizens. Receipt of a Q clearance and additional access authorization ultimately is a decision of the Federal Government and not of Triad.

*Eligibility requirements: To obtain a clearance, an individual must be at least 18 years of age; U.S. citizenship is required except in very limited circumstances. See DOE Order 472.2 for additional information.

New-Employment Drug Test: The Laboratory requires successful applicants to complete a new-employment drug test and maintains a substance abuse policy that includes random drug testing. Although New Mexico and other states have legalized the use of marijuana, use and possession of marijuana remain illegal under federal law. A positive drug test for marijuana will result in termination of employment, even if the use was pre-offer.

Regular position: Term status Laboratory employees applying for regular-status positions are converted to regular status.

Internal Applicants: Regular appointment employees who have served the required period of continuous service in their current position are eligible to apply for posted jobs throughout the Laboratory. If an employee has not served the required period of continuous service, they may only apply for Laboratory jobs with the documented approval of their Division Leader. Please refer to Policy Policy P701 for applicant eligibility requirements.

Equal Opportunity: Los Alamos National Laboratory is an equal opportunity employer and supports a diverse and inclusive workforce. All employment practices are based on qualification and merit, without regard to race, color, national origin, ancestry, religion, age, sex, gender identity, sexual orientation, marital status or spousal affiliation, physical or mental disability, medical conditions, pregnancy, status as a protected veteran, genetic information, or citizenship within the limits imposed by federal laws and regulations. The Laboratory is also committed to making our workplace accessible to individuals with disabilities and will provide reasonable accommodations, upon request, for individuals to participate in the application and hiring process. To request such an accommodation, please send an email to or call 1-505-665-4444 option 1.