• Oversee and manage the construction phase for geothermal projects. • Conduct site visits weekly during a typical bore field installation phase. • Observe and document the following activities: Borehole Drilling & GLHX Installation: Depth verification, casing installation, GLHX length confirmation, grout tremie installation, grout batch tracking, pressure and flow testing, grout sampling. • Water management Procedures: Observed and report on water management as a result of drilling activities. • Lateral Piping Installation: Heat fusion procedures, sectional pressure testing, backfill/bedding practices, and final pressure readings. • Manifold/Vault Installation: Installation verification, pre-backfill pressure tests, hydrostatic leak testing of the complete system. • Flushing & Purging: Filtration setup, flushing and purging verification, water sampling, completion confirmation. • Materials Verification: Confirm materials match approved submittals. • Produce detailed observation reports and maintain a site visit logging tracker. • Maintain contract records and ensure compliance with all terms and specifications.

• Serve internal customers by facilitating learning and training in the company portal. • Ensure all employees have access to the programs and issue certifications. • Ensure compliance with company, regulatory, and customer requirements are documented and reportable. • Partner closely with Business Systems and Safety and Training Support team members to maintain the integrity of the system. • Works closely with field training managers to ensure new hires successfully complete onboarding training requirements. • Ensure successful execution of department training objectives, including documentation and reporting. • Support day-to-day activities for all Safety and Training staff.

Role Description We are seeking a hands-on PKI Engineer to provide day‑to‑day operations, maintenance, and lifecycle management of our enterprise PKI services. This role ensures the integrity, availability, and compliance of cryptographic services that underpin PIV badge issuance and validation, YubiKey authentication, SSL/TLS certificate management, and Entrust Certificate Authority (CA) platforms. Key Responsibilities - Operations & Maintenance - Operate and maintain enterprise PKI components: root and issuing CAs, Registration Authorities, OCSP responders, CRL distribution points, and associated directory services (e.g., AD/LDAP). - Perform routine health checks, capacity planning, patching, and disaster recovery testing for PKI infrastructure. - Monitor certificate lifecycles (issuance, renewal, revocation) and SLAs; resolve certificate-related incidents and service requests. - Administer and support Entrust PKI platforms (e.g., Security Manager/CA), including policy configuration, profiles, and integration with downstream systems. - Manage SSL/TLS for internal and external services (web apps, APIs, load balancers, proxies), including naming, SAN management, cipher suite alignment, and automated renewals (e.g., ACME/EST/SCEP). - Support PIV credential operations (card issuance, certificate personalization, revocation, and validation services) and YubiKey lifecycle tasks (enrollment, attestation, firmware considerations, and policy profiles). - Security, Compliance & Governance - Enforce PKI policy (CP/CPS), key management procedures, and secure key ceremonies aligned with organizational and regulatory requirements (e.g., FIPS 140-2/3 for HSMs, FIPS 201 for PIV, NIST guidance). - Maintain comprehensive documentation: system runbooks, SOPs, CP/CPS updates, architectural diagrams, data flows, and audit artifacts. - Partner with Audit/Compliance to support assessments, evidence collection, control testing, and remediation (e.g., NIST 800-53 control families, certificate governance). - Implement segmentation and access controls for PKI components; manage privileged access and break‑glass procedures. - Track and remediate vulnerabilities affecting PKI (CAs, cryptographic libraries, protocol configurations). - Engineering & Automation - Build and maintain automation for certificate issuance/renewal, inventory, and reporting (e.g., PowerShell, Python, REST APIs, Ansible). - Integrate PKI with identity platforms and authentication flows (e.g., smart card/PIV login, YubiKey-based MFA, SSO, federation). - Advise application teams on certificate requirements (key types, key sizes, curves, CSP/KSP settings), mTLS patterns, and mutual trust establishment. - Lead PKI service improvements: scaling, high availability, telemetry/observability, and performance tuning. - Evaluate and implement modern cryptographic practices (e.g., SHA-2/3, ECC, post-quantum readiness planning as appropriate). - Collaboration & Support - Serve as the PKI SME for projects and incident response; provide Tier 3 support and root cause analysis. - Coordinate with vendors (e.g., Entrust) for platform upgrades, troubleshooting, and feature enablement. - Train and mentor engineers/administrators on PKI operations, certificate hygiene, and secure usage patterns. Qualifications - Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD, 12 years with a HS Diploma. - 5–8+ years of experience in enterprise security/identity engineering, with 3+ years directly operating PKI/CA systems. - Hands-on expertise with Entrust CA platforms (or equivalent enterprise CA, OCSP/CRL, and directory services (AD/LDAP). - Strong knowledge of X.509, certificate profiles, key algorithms (RSA/ECC), key escrow, key rotation, and cryptographic modules. - Experience managing SSL/TLS for large environments (web servers, application gateways, load balancers, containers/K8s ingress). - Operational experience supporting PIV smart cards and YubiKeys in enterprise authentication/MFA scenarios. - Proficiency in scripting/automation (PowerShell, Python) and working with PKI APIs (ACME/EST/SCEP/REST). - Familiarity with security frameworks/standards (e.g., FIPS 201, FIPS 140-2/3, NIST SP 800‑53/63, CP/CPS governance). - Strong troubleshooting skills across Windows/Linux, networking (TLS handshakes, certificate chains, OCSP/CRL reachability), and application integrations. - Excellent documentation, communication, and stakeholder management capabilities. Benefits - Target Salary Range: $104,000 - $166,000. This represents the typical salary range for this position. - Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. - Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Company Description Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers.

• Unterstützung unserer Kunden über remote-Zugriff von deinem Büroarbeitsplatz aus • Pflege der IT-Anwendungen unserer Kunden und Sicherstellung des störungsfreien Betriebsablaufs • Unterstützung bei Infrastruktur-Optimierungen • Durchführung von Systemwartungen und Installation von Updates