Role: Senior Security Engineer – HSM & ICA Risk Management
Location: Dallas, Texas
Senior Security Engineer responsible for risk management, governance, and control oversight of enterprise Internal Certificate Authority (ICA) services and HSMaaS. This role focuses on cryptographic risk, PKI vulnerability management, AD CS template governance, and assurance across on-prem, HSM-backed, and Cloud PKI platforms. The position serves as a designated risk and control owner, providing oversight, challenge, and assurance to Cyber Risk, Audit, and Regulatory stakeholders.
This is not a pure PKI Engineering role; the emphasis is on risk identification, control effectiveness, vulnerability remediation, and policy enforcement for cryptographic services.
Key Responsibilities
PKI Vulnerability Management
Own PKI vulnerability management for internal and external certificate services, including:
Weak or deprecated algorithms and key sizes
Certificate template configurations
Enrollment permissions and privilege management
SAN injection and name constraint risks
Expired, orphaned, or non-compliant certificates
[additional items may be cut off / not visible]
[cut off] exceptions, and compensating controls where scanning is restricted
PKI & ICA Risk Management — Primary Focus
Act as risk owner for Internal CA (ICA) and HSM cryptographic services.
Identify, assess, and manage PKI-specific risks, including mis-issuance, weak cryptography, SAN abuse, key compromise, expired certificates, and trust chain failures.
Maintain PKI risk registers, control mappings, and risk acceptance documentation aligned with enterprise risk frameworks.
Partner with Cyber Risk (CRISK), Audit, Compliance, and Architecture teams to support exams, audits, regulatory inquiries, and management responses.
Translate PKI and cryptographic weaknesses into business and regulatory risk language suitable for leadership and auditors.
AD CS Template Access Governance
Review, approve, and govern Microsoft AD CS certificate templates from a risk and control perspective.
Own and manage AD security groups used for certificate enrollment and template permissions.
Enforce strict governance for templates that allow Subject Alternative Name (SAN) [cut off / partially visible]
[cut off] compliant access.
Cryptographic & HSM Risk Oversight
Provide security oversight for HSM-protected CA and signing keys, including custody, ceremonies, backup, and recovery.
Assess and mitigate cryptographic risks related to:
Key management practices and HSM configuration
Cloud PKI and SaaS certificate management platforms
Drive crypto-agility and Post-Quantum Cryptography (PQC) readiness from a risk perspective.
Incident Response & Assurance
Support investigation and root cause analysis of PKI-related security incidents, including certificate compromise or mis-issuance events.
Assess impact, risk exposure, and required remediation actions.
Produce risk-focused reporting and metrics for security leadership and governance forums.
Minimum Qualifications
5+ years in Security Engineering, PKI, Identity, or Cryptographic Infrastructure roles.
Strong understanding of PKI risk, certificate misuse scenarios, and control failures in
Interested candidates kindly drop the mail to