Senior PKI engineer

CVS Health

Remote

Quick summary

Work type
Remote
Location
Remote
Salary
$92,700–$185,400 / yr
Posted
3 days ago
Closes
Aug 2, 2026

Market check

Salary context

Below market

How this pay compares to similar roles

Similar $170k
This role $139k
$78k most similar roles pay here $226k

This role pays less than 80% of similar roles. Most pay $142,400–$196,750 — the shaded band above. At the midpoint, this role pays about $139k versus about $170k for comparable roles.

Based on 240 similar postings.

Employer

About CVS Health

CVS Health is a leading American healthcare company operating retail pharmacies, pharmacy benefit management services, and a health insurance segment through Aetna, one of the nation''s largest health insurers. Industry: Healthcare & Pharmacy

CVS Health currently has 103 open roles on FindRole.

Listed pay typically runs $118,450–$272,435 across 100 roles with salary data.

Most-posted roles

View all roles at CVS Health

At a glance

TL;DR · Senior PKI engineer

Apply Now Log in to save

As a PKI Engineer at CVS Health, you will join the PKI Engineering team to design and manage certificate lifecycle operations across two major business units, handling thousands of certificates. Your daily tasks include automating certificate issuance, renewal, and reporting using PowerShell and Python scripts, integrating with Venafi TPP REST APIs for governance workflows, and ensuring compliance with HIPAA, PCI-DSS, and SOX regulations through robust security measures. You will also decommission legacy systems by February 2027 and collaborate with network and cloud teams to resolve incidents. Required skills include extensive PKI/CLM experience, expertise in X.509 standards, and proficiency in automation tools like PowerShell and Python. Familiarity with healthcare compliance frameworks and enterprise CLM platforms such as Venafi TPP is essential for this role.

Skills

Python PowerShell Venafi TPP DigiCert ONE AWS Azure Key Vault F5 BIG-IP Akamai IIS Apache Nginx X.509 TLS/SSL CRL OCSP REST APIs ServiceNow CI/CD Zero Trust mTLS Workload Identity HIPAA PCI-DSS SOX

What you'll do

  • Engineer and maintain PowerShell and Python scripts for certificate lifecycle operations.
  • Own daily PKI operational reporting to monitor certificate health across the enterprise.
  • Automate certificate governance workflows using Venafi TPP REST APIs.
  • Drive private chain adoption, migrating internal workloads off public CA chains.
  • Execute Legacy MSCA shutdown plan and remediate certificates tied to legacy CA.

What we're looking for

  • 5+ years of hands-on PKI/CLM engineering experience in an enterprise environment.
  • Deep knowledge of X.509 certificate standards and CA hierarchies, including root, intermediate, and issuing CAs.
  • Production experience with Venafi TPP or equivalent CLM platforms.
  • Strong scripting skills in PowerShell and Python for automation and REST API integration.
  • Hands-on experience provisioning certificates to load balancers, CDNs, web servers, and cloud platforms.
  • Solid understanding of TLS/SSL protocols, cipher suites, key exchange mechanisms, and certificate revocation processes.
  • Familiarity with ITSM/project tracking tools like ServiceNow or Jira in a regulated enterprise environment.

Related searches

More Senior PKI engineer jobs Remote Senior PKI engineer jobs All jobs at CVS Health

More like this

Similar roles

Lead, PKI Security Engineer

Prudential Financial

Newark, NJ 45 days ago $133,600$220,400
Keyfactor Command Venafi EJBCA Digicert HashiCorp Vault AWS Azure Docker Kubernetes HSM appliances cloud KMS services Splunk CI/CD PKI architecture certificate lifecycle management monitoring tools containerization technologies
Save

Staff Cybersecurity Engineer - PKI/Secrets Management

General Motors (GM)

Remote (Gm Global Technical Center - Michigan It Innovation Center) 30 days ago
HashiCorp_Vault Terraform AWS GCP Azure Kubernetes CI/CD Python Go Rust OAuth_2.0 OIDC WebAuthn FIDO2 HSM Entrust Thales FIPS_140-2 PCI-DSS PKI Public_Key_Cryptography
Remote Hybrid
Save

PKI Network Engineer

Leidos

Quantico, VA 56 days ago $73,450$132,775
PKI Microsoft Active Directory ADCS Keyfactor EJBCA CertAgent Red Hat CA OCSP Axway Validation Authority Suite HSM Unix Windows CISSP Security+ DoD PKI Military Networks SIPRNET TMS CVI SAN Server Management Event Management Information Assurance Policy Virtual Infrastructure Configuration Management
Save

Senior Cyber Cryptographic Engineer

Capital One Financial

Riverwoods, IL 8 days ago $147,100$167,900
AWS Python Terraform PKI Key Management DevOps CI/CD Agile CloudWatch GuardDuty Macie Config CloudTrail Serverless Lambda Scalable Cloud Applications Cryptographic Controls Certificate Lifecycle Processes Security Hardening Advanced Cryptography
Save

Sr./Lead Software Engineer, Enterprise PKI

Salesforce

Remote (San Francisco, CA) 28 days ago $148,500$260,100
Python Golang Java Linux Git DevOps CI/CD EJBCA X.509 CRL OCSP SCEP EST ACME CMP Trusted Platform Module Hardware Security Module Kubernetes Istio SPIRE cert-manager NIST ISO SOC 2 OWASP CWE MFA Zero Trust secrets management
Remote
Save

Staff Engineer - PKI

GEICO

Remote (Bethesda, MD) 6 days ago $115,000$230,000
Kubernetes Docker Python Go Rust AWS Azure GCP Terraform CI/CD GIT Jenkins CircleCI SonarQube PKI ADCS Certificate_Template_management Enrollment_and_Issuance_Criteria Cryptography OpenShift Prometheus Grafana
Remote
Save