Certificate Automation Engineer 16725
Seneca Resources • Merrifield, Virginia, United States
Salary: $70 - $80 / hour
**Role & seniority: ** DevOps Engineer (Certificate Management & Engineering), contractor; seniority not explicitly stated
**Location & work type: ** Remote (US-based work authorization: US Citizens, Green Card holders, TN Visa, Green Card EADs)
**Stack/tools: **
-
PKI/X.509, TLS, certificate lifecycle automation
-
PowerShell (advanced scripting)
-
Kubernetes + cert-manager; TLSPK
-
CyberArk Venafi Trust Protection Platform / Certificate Manager (preferred)
-
SPIFFE/SPIRE and cloud-based certificate management (preferred)
-
Code/container signing automation; notifications/escalation scripting
-
Preferred/optional: Python, Bash, Go, Ansible, ServiceNow, vCert
-
Top 3 responsibilities:
-
Automate X.509 certificate lifecycle (issuance/renewal/replacement/decommissioning), reducing manual effort and expiration risk
-
Build/extend Kubernetes certificate automation (TLS/cert-manager/TLSPK) and deployment/renewal workflows
-
Implement scalable code and container signing processes; improve operational workflows (notifications/escalation) and support compliance
-
-
Must-have skills:
-
Strong X.509/PKI fundamentals (CA concepts, chain validation, revocation, SANs, key usage) and troubleshooting
-
Advanced PowerShell for secure, reliable automation (logging, error handling, credential management, scheduling)
-
DevOps experience supporting production operations (runbooks, monitoring/a
-
Full Description
Position Title: DevOps Engineer – Certificate Management & Engineering
Work Mode: remote
Work Authorization: US Citizens, Green Card Holders, TN Visa, Green Card EAD's
Position Status: Contract
Pay Rate: $70.00 - $80.00
Position Description
Join a dynamic team as a DevOps-focused Certificate Management & Engineering Contractor supporting enterprise operations and automation initiatives. This role is vital in enhancing certificate lifecycle management, automation workflows, and cloud/Kubernetes security efforts. You will design, develop, and implement automation solutions that streamline certificate renewal, inventory, and deployment processes, while reducing manual effort and risk. Your work will also drive modernization efforts involving Kubernetes certificate automation, code/container signing, and integration with cloud platforms to ensure security and operational excellence.
Key Responsibilities
Support day-to-day certificate lifecycle operations—issuance, renewal, replacement, decommissioning—focusing on automation to reduce manual handling and expiration risks. Develop and enhance automation tools for certificate deployment and renewal in modern platforms including Kubernetes with components like TLS, cert-manager, and TLSPK. Build scalable automation around code and container signing workflows, establishing repeatable, standardized procedures. Support platform tooling enhancements, particularly for CyberArk (Venafi) Certificate Management, and expand into cloud/Kubernetes certificate management practices leveraging machine identity solutions. Improve notification and escalation workflows through scripted communications and integrated operational workflows. Collaborate with engineering, security, and platform teams to ensure automation solutions are reliable, supportable, and compliant with operational standards.
Required Skills/Education
Extensive experience with X.509 certificate lifecycle management: request, issue, renew, replace, decommission, inventory, and monitoring.
Strong PKI fundamentals: certificate authorities, chain validation, revocation, SANs, key usage, and troubleshooting deployment issues. Advanced PowerShell scripting for automation, error handling, logging, secure credential management, and scheduling. DevOps mindset with proven experience supporting production environments, creating reliable runbooks, monitoring, and alerting solutions. Ability to work cross-functionally with security, infrastructure, and platform teams to deliver supportable automation.
Preferred Skills
Experience with Venafi Trust Protection Platform / CyberArk Certificate Manager (self-hosted and Kubernetes-based). Knowledge of Kubernetes cert-manager, SPIFFE/SPIRE, and cloud-based certificate management practices. Familiarity with scripting languages such as Python, Bash, Golang, and Ansible. Knowledge of ServiceNow, vCert, and related tooling.
Success Measures
Significant reduction in manual certificate tasks and human touchpoints, especially renewal and deployment workflows. Enhanced notification and escalation workflows, decreasing unanticipated expirations. Deployment of operational, supportable automation for Kubernetes and cloud environments, documented and compliant with change management policies.
Why Work With Us
When you work with us, you’re joining a trusted partner committed to your professional growth. Our team offers competitive pay, comprehensive health and retirement benefits, and ongoing support to help you succeed in impactful, mission-critical projects. We celebrate diversity and are dedicated to fostering an inclusive environment for all qualified candidates.
About Seneca Resources
At Seneca Resources, we are more than just a staffing and consulting firm; we are your trusted career partner. With offices across the U.S., we connect talented professionals with leading organizations—from Fortune 500 companies to government agencies—helping you grow your career while making a meaningful impact. Our team invests in your success and is committed to matching you with roles aligned to your skills and aspirations.
