HSPD-12 Engineer

Guidehouse·Workday
United StatesFull-time$98k–$163kPosted Jul 7, 2026
Apply

Job Family:

IT Cyber Security (Digital)


Travel Required:

Up to 10%


Clearance Required:

Ability to Obtain Public Trust

What You Will Do:

The HSPD-12 Engineer serves as a subject‑matter expert in credential management systems with a primary focus on HSPD-12 Technologies, including Intercede MyID and PKI. This role provides advanced engineering, troubleshooting, and cloud‑support services while collaborating with development, security, and infrastructure teams to design and maintain secure, scalable, automated solutions. The HSPD-12 Engineer works independently or as part of a cross‑functional team to support mission‑critical environments.

• Provide engineering, operational, and lifecycle support for HSPD‑12 and PIV credentialing environments in alignment with FICAM, NIST, FISMA, and agency policy requirements.
• Engineer, maintain, and enhance credential management platforms including Intercede MyID, HID credentialing technologies, supporting middleware, smart card components, and Windows Server/database infrastructure.
• Manage core PIV/PKI infrastructure including Hardware Security Modules (HSMs), Certificate Authorities (CAs), Registration Authorities (RAs), certificate profiles, key management systems, and OCSP/CRL services.
• Oversee secure configuration, patching, firmware updates, backups, monitoring, and lifecycle management for HSMs and PKI systems supporting certificate issuance and PIV key generation.
• Support cloud‑hosted PIV/PKI services in AWS and Azure, including virtualized CAs, credentialing applications, and HSM‑integrated workloads.
• Use Terraform, Ansible, and automation frameworks to provision, configure, and maintain secure, compliant cloud and hybrid environments hosting PIV and certificate services.
• Implement policy‑as‑code, configuration baselines, and automated deployments to ensure consistent enforcement of HSPD‑12, NIST, and FICAM requirements.
• Automate deployment and maintenance of PIV credentialing applications, PKI services, middleware, and supporting components to ensure reliable and secure operations.
• Implement monitoring and alerting for critical PIV/PKI functions including certificate operations, HSM health, OCSP/CRL endpoints, issuance errors, and authentication performance.
• Troubleshoot complex issues across the credentialing ecosystem—including authentication devices, drivers, middleware, certificate chains, cryptographic services, and trust store configurations—across cloud and on‑prem environments.
• Support full credential lifecycle operations including issuance, activation, suspension, revocation, renewal, auditing, and compliance documentation.
• Maintain operational baselines, perform root cause analysis of recurring PIV/PKI issues, and implement durable remediation to strengthen system reliability.
• Ensure high availability, redundancy, and disaster recovery readiness across PIV and PKI infrastructure through resilient engineering and operational best practices.
• Apply and enforce security best practices across cloud, on‑prem, and credentialing systems to protect sensitive key material and maintain continuous compliance.
• Participate in audits, assessments, and accreditation activities to support continuous authorization for PIV and PKI systems.

What You Will Need:

• Minimum of FIVE (5) years of relevant IT or engineering experience, including at least 1–2 years of cloud support experience.
• Hands-on experience working with credential management systems including Intercede MyID, HID solutions, PKI infrastructures, and certificate lifecycle management platforms.
• Proven experience troubleshooting drivers, middleware, credentialing software, and authentication technologies.
• Experience supporting and engineering Windows environments, as well as performing DBA responsibilities for Intercede or similar systems.
• Bachelors degree from an accredited university.
• Ability to obtain and maintain a Federal or DoD Public Trust clearance; candidates must receive adjudication prior to onboarding.
• Candidates with an active Public Trust or Suitability determination are preferred.

• A Master’s degree may substitute for four years of experience.



What Would Be Nice To Have:

• A Master’s degree may substitute for four years of experience.

Experience with DevSecOps and Cloud software deployments

The annual salary range for this position is $98,000.00-$163,000.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.


What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

  • Medical, Rx, Dental & Vision Insurance

  • Personal and Family Sick Time & Company Paid Holidays

  • Parental Leave

  • 401(k) Retirement Plan

  • Group Term Life and Travel Assistance

  • Voluntary Life and AD&D Insurance

  • Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts

  • Transit and Parking Commuter Benefits

  • Short-Term & Long-Term Disability

  • Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities

  • Employee Referral Program

  • Corporate Sponsored Events & Community Outreach

  • Care.com annual membership

  • Employee Assistance Program

  • Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)

  • Position may be eligible for a discretionary variable incentive bonus

About Guidehouse

Guidehouse is an Equal Opportunity Employer–Protected Veterans, Individuals with Disabilities or any other basis protected by law, ordinance, or regulation.

Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.

If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

All communication regarding recruitment for a Guidehouse position will be sent from Guidehouse email domains including @guidehouse.com or guidehouse@myworkday.com.  Correspondence received by an applicant from any other domain should be considered unauthorized and will not be honored by Guidehouse.  Note that Guidehouse will never charge a fee or require a money transfer at any stage of the recruitment process and does not collect fees from educational institutions for participation in a recruitment event. Never provide your banking information to a third party purporting to need that information to proceed in the hiring process.

If any person or organization demands money related to a job opportunity with Guidehouse, please report the matter to Guidehouse’s Ethics Hotline. If you want to check the validity of correspondence you have received, please contact recruiting@guidehouse.com. Guidehouse is not responsible for losses incurred (monetary or otherwise) from an applicant’s dealings with unauthorized third parties.

Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free