Maintain and enhance a hybrid environment Certificate Lifecycle Management (CLM) solution that integrates with on-premises Microsoft Certificate Authority, cloud, and SaaS applications.
Maintain and enhance an on-premises Hardware Security Module (HSM) solution to protect cryptographic keys used by the company within applications and servers.
Identify, engineer, and champion expanded use of the PKI within the Organization's infrastructure.
Provide ongoing integration support with application teams and cryptography assistance.
Provide infrastructure implementation assistance and operational services for BYOK/EKM (Bring Your Own Key/Enterprise Key Management) infrastructures hosted on-premises and in AWS (Amazon Web Services) CloudHSM and Azure Key Vault.
Perform ongoing assessments and remediation of existing PKI infrastructure.
Implementation of policies, digital signatures, and access control for existing and future use cases.
Partner with all stakeholders and external vendors to design, develop, deploy, and support the best possible solution to meet the company's business needs.
Enable auto-renewal automation for both private and public certificates on web-facing and internal-facing applications.
Help transform the current digital certificate management ecosystem by focusing on the management of crypto keys used primarily for traditional data-in-transit use cases (e.g., SSL) as well as emerging use cases such as Internet of Things (IoT) and artificial intelligence (AI).
Work closely with the Windows, Unix, Application Engineering, and Operations teams to support and integrate security at every level into the environment.
Work independently and as part of a team to urgently analyze and troubleshoot escalated issues from Tier II; provide technical training to Tier I & II technicians; act as Tier III support for all PKI/certificate-related issues, as well as other responsibilities/duties as assigned. Efficiently troubleshoot and prioritize issues and create a culture of root cause analysis.
Assist in maturing network/system security engineering and maintenance practices.
Demonstrated knowledge of the PKI environment and cryptographic needs of businesses.
Experience preparing detailed architecture and design documents.
Able to manage multiple projects simultaneously and adapt to changing business needs.
Work well with cross-functional, global, and remote teams.
Self-disciplined self-starter who can provide leadership and mentor others while resolving complex incidents and delivering projects.
Ability to analyze complex problems, propose effective solutions and understand and apply business vision and direction.
Ability to be called upon 24/7 in case of urgent emergencies.
Ability and willingness to learn new things in a fast-paced environment.
Specific experience deploying, managing, and administering certificate lifecycle management tools such as AppViewX, Keyfactor, or Venafi.
Experience with management vaulting solutions such as CyberArk or HashiCorp.
Experience with network detection tools such as Darktrace, Cisco Stealthwatch, or ExtraHop is a big plus.
Experience with network security tools such as Qualys, Tenable, Palo Alto Networks, Cloudflare, network troubleshooting tools (sniffer, syslog, NetFlow, tcpdump, Wireshark, etc.), intrusion detection, incident response, data encryption, network access controls, threat management, and proper IT-related security controls will be considered a big plus.
Hands-on operational experience and management of AWS/Azure services.
Although specific certifications are not required, they are a big plus, including: CCNA/CCNP Routing & Switching, Palo Alto Networks Security certifications (PCNSE), Security+, CCNA Security, or CISSP.
Previous experience with managing Windows/Unix servers, Check Point, Fortinet, FireEye, Proofpoint, Cloudflare, or F5 Silverline is a plus.