Overview
Skills
Job Details
Key Responsibilities
PKI Solution Implementation: Design, deploy, configure, and manage highly available PKI solutions, with a primary focus on the Venafi Trust Protection Platform and DigiCert One within the client's environment.
Application & Enterprise Integration: Integrate PKI and certificate management solutions with a wide variety of the client's enterprise applications, cloud services, and DevOps pipelines.
Machine Identity Management: Develop and implement strategies for effective machine identity and key lifecycle management, including discovery, creation, distribution, rotation, and revocation of cryptographic keys and digital certificates.
HSM & Code Signing: Configure, deploy, and manage Hardware Security Modules (HSMs) to secure critical cryptographic keys. Implement and manage secure code signing processes to ensure the integrity and authenticity of the client's software.
Troubleshooting and Support: Act as the subject matter expert for PKI-related issues, providing advanced troubleshooting for certificate-related incidents and integration failures. Serve as an escalation point for the project team.
Security and Compliance: Ensure that all PKI configurations and integrations adhere to the client's security standards and compliance requirements (e.g., NIST, ISO 27001).
Collaboration: Work closely with client application owners, security architects, project managers, and other stakeholders to gather requirements and deliver robust PKI solutions.
Documentation: Create and maintain detailed documentation of the PKI architecture, configurations, integrations, and operational processes for project deliverables.
Qualifications:
Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent practical
Experience
PKI Expertise: Minimum of 3-5 years of hands-on experience with enterprise PKI solutions, with a demonstrated focus on certificate and machine identity lifecycle management. Specific, deep expertise with Venafi and DigiCert One is mandatory.
Security Fundamentals: Strong understanding of cryptographic concepts, PKI, and machine identity management principles.
Technical Protocols: In-depth knowledge of cryptographic protocols (TLS/SSL, S/MIME), certificate enrollment protocols (SCEP, EST), and directory services (Active Directory, LDAP).
Technical Skills: Proven experience with integrating PKI solutions into enterprise applications, cloud platforms (AWS, Azure), and CI/CD pipelines. Familiarity with Hardware Security Modules (HSMs). Proficiency in PowerShell or other scripting languages for automation is necessary.
Problem-Solving: Excellent analytical and problem-solving skills, with the ability to troubleshoot complex technical issues in a project-based environment.
Communication: Strong written and verbal communication skills, with the ability to articulate complex technical concepts to both technical and non-technical stakeholders.
Desired:
Experience working in a professional services or consulting environment on client-facing projects.
Familiarity with other PKI and security tools (e.g., Microsoft AD CS, HashiCorp Vault, CyberArk).
Relevant industry certifications (e.g., CISSP, CISM, or vendor-specific credentials).
Understanding of ITIL processes for incident, change, and problem management.