HSPD-12 Engineer
## HSPD-12 EngineerApplylocations: US - DC, Washingtontime type: Full timeposted on: Posted Todayjob requisition id: 41695**Job Family:**IT Cyber Security (Digital)**Travel Required:**Up to 10%**Clearance Required:**Ability to Obtain Public Trust**What You Will Do**:The **HSPD-12 Engineer** serves as a subject‐matter expert in credential management systems with a primary focus on HSPD-12 Technologies, including Intercede MyID and PKI. This role provides advanced engineering, troubleshooting, and cloud‐support services while collaborating with development, security, and infrastructure teams to design and maintain secure, scalable, automated solutions. The **HSPD-12 Engineer** works independently or as part of a cross‐functional team to support mission‐critical environments.• Provide engineering, operational, and lifecycle support for HSPD‐12 and PIV credentialing environments in alignment with FICAM, NIST, FISMA, and agency policy requirements. • Engineer, maintain, and enhance credential management platforms including Intercede MyID, HID credentialing technologies, supporting middleware, smart card components, and Windows Server/database infrastructure. • Manage core PIV/PKI infrastructure including Hardware Security Modules (HSMs), Certificate Authorities (CAs), Registration Authorities (RAs), certificate profiles, key management systems, and OCSP/CRL services. • Oversee secure configuration, patching, firmware updates, backups, monitoring, and lifecycle management for HSMs and PKI systems supporting certificate issuance and PIV key generation. • Support cloud‐hosted PIV/PKI services in AWS and Azure, including virtualized CAs, credentialing applications, and HSM‐integrated workloads. • Use Terraform, Ansible, and automation frameworks to provision, configure, and maintain secure, compliant cloud and hybrid environments hosting PIV and certificate services. • Implement policy‐as‐code, configuration baselines, and automated deployments to ensure consistent enforcement of HSPD‐12, NIST, and FICAM requirements. • Automate deployment and maintenance of PIV credentialing applications, PKI services, middleware, and supporting components to ensure reliable and secure operations. • Implement monitoring and alerting for critical PIV/PKI functions including certificate operations, HSM health, OCSP/CRL endpoints, issuance errors, and authentication performance. • Troubleshoot complex issues across the credentialing ecosystem—including authentication devices, drivers, middleware, certificate chains, cryptographic services, and trust store configurations—across cloud and on‐prem environments. • Support full credential lifecycle operations including issuance, activation, suspension, revocation, renewal, auditing, and compliance documentation. • Maintain operational baselines, perform root cause analysis of recurring PIV/PKI issues, and implement durable remediation to strengthen system reliability. • Ensure high availability, redundancy, and disaster recovery readiness across PIV and PKI infrastructure through resilient engineering and operational best practices. • Apply and enforce security best practices across cloud, on‐prem, and credentialing systems to protect sensitive key material and maintain continuous compliance. • Participate in audits, assessments, and accreditation activities to support continuous authorization for PIV and PKI systems. **What You Will Need:**• Minimum of FIVE (5) years of relevant IT or engineering experience, including at least 1–2 years of cloud support experience. • Hands-on experience working with credential management systems including Intercede MyID, HID solutions, PKI infrastructures, and certificate lifecycle management platforms. • Proven experience troubleshooting drivers, middleware, credentialing software, and authentication technologies. • Experience supporting and engineering Windows environments, as well as performing DBA responsibilities for Intercede or similar systems. • Bachelors degree from an accredited university. • Ability to obtain and maintain a Federal or DoD Public Trust clearance; candidates must receive adjudication prior to onboarding. • Candidates with an active Public Trust or Suitability determination are preferred.• A Master’s degree may substitute for four years of experience.**What Would Be Nice To Have:**• A Master’s degree may substitute for four years of experience.Experience with DevSecOps and Cloud software deploymentsThe annual salary range for this position is $98,000.00-$163,000.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.**What We Offer:**Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.Benefits include:* Medical, Rx, Dental & Vision Insurance* Personal and Family Sick Time & Company Paid Holidays* Parental Leave* 401(k) Retirement Plan* Group Term Life and Travel Assistance* Voluntary Life and AD&D Insurance* Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts* Transit and Parking Commuter Benefits* Short-Term & Long-Term Disability* Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities* Employee Referral Program* Corporate Sponsored Events & Community Outreach* Care.com annual membership* Employee Assistance Program* Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)* Position may be eligible for a discretionary variable incentive bonus
#J-18808-Ljbffr