Job Description
Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
PKI & Certificate Management Engineer

Summary of the role:
Own day-to-day operation and reliability of enterprise PKI and certificate lifecycle services across hybrid/multi-cloud.

Key Responsibilities (Run/Operations):
- Operate issuing CAs (ADCS / EJBCA / Entrust) including templates/profiles, CRL/OCSP publishing, AIA/CDP endpoints, HA/DR.
- Administer CLM platforms (Keyfactor/Venafi): automated renewals, discovery scans, inventory accuracy, connector health.
- Monitor SLOs & alerts (issuance latency, renewal success, OCSP availability, expiry coverage); drive incident response & RCA.
- Execute key ceremonies, HSM operations (nShield/Thales), custody logs, backup/restore and DR tests.
- Troubleshoot TLS/mTLS, chain building, cipher/ALPN, OCSP stapling, trust store issues (servers, devices, service meshes).
- Maintain runbooks, change patterns, patching cadence, RBAC reviews; support audits and evidence collection (CP/CPS adherence).
- Partner with app/network/cloud teams to onboard use cases (servers, APIs, WAF/LB, firewalls, containers).

Professional & Technical Skills:
- Strong Windows/Linux admin, networking/PKI fundamentals (X.509, RSA/ECC, CRL/OCSP).
- Scripting & automation (PowerShell/Python), IaC for ops (Ansible/Terraform basics), REST APIs.
- HSM operations; Azure/AWS/GCP Key Vault/KMS familiarity; proxy/LB experience.
- Automated CLM (Keyfactor, Venafi): Preferred.

Qualifications / Experience:
4-6 years infra/security/SRE with 3+ years PKI/CLM operations; on-call experience; audit/controls exposure (NIST/ISO)

Full-time
Hybrid
Security Platform (PKI/CLM) Minimum 2 year(s) of experience is required