Role Purpose We are looking for an experienced Microsoft PKI/AD CS Specialist to assess, design and support implementation of an on-premise certificate life cycle management solution for a Microsoft-based enterprise environment.andnbsp;andnbsp; Key Responsibilities 1. Current-State PKI Assessment Review the existing on-premise Microsoft CA/AD CS configuration. Assess CA hierarchy, root/intermediate CA design, issuing CA configuration and certificate policies. Review certificate templates, issuance permissions, auto-enrolment settings and approval workflows. Assess CRL, OCSP, revocation checking and certificate chain availability. Review current server certificate usage across domain-joined, internal, SQL/SSRS and DMZ/workgroup Servers. Identify current risks, gaps and improvement areas in certificate life cycle management. 2. Target PKI Architecture Design a secure and supportable Microsoft PKI/AD CS target architecture. Define certificate templates for internal server authentication, SQL Server, SSRS, application portals and internal HTTPS endpoints. Define certificate validity periods, renewal periods, key lengths, algorithms, SAN naming standards and subject naming conventions. Define auto-enrolment patterns for domain-joined Windows Servers. Define secure issuance and renewal options for non-domain-joined DMZ/workgroup Servers. Recommend whether the existing CA can be reused, remediated or whether additional configuration is required. Produce practical design ..... full job details .....