Principal Engineer – Pki

Principal Engineer – Pki

Requirements

• BA/BS in Cybersecurity, Information Technology, or related field; advanced degree preferred, Computer Science, Computer Engineering or Related Field.
• 12+ years of IT experience, 8+ years’ experience designing, deploying, and supporting PKI environments in a Windows domain.
• Sound knowledge and experience in Enterprise Architecture, Strategy, and IT Security.
• Strong understanding of IAM domain including Access Management, Authentication, and Key Management implementations.
• Strong experience with PKI automation and Certificate lifecycle management.
• Demonstrated experience implementing PKI for large firms.
• In-depth knowledge of PKI principles with subject matter expertise in developing best practices around standardized management of access controls.
• Understanding of IAM relevant technical security skills, such as Identity Governance, Single Sign-On and authentication, Multi-Factor Authentication, Microsoft and AD tools for Access Management and controls, Privileged access management, and AWS security.
• Excellent analytical skills with high attention to detail and accuracy.
• Strong problem-solving skills, with the ability to identify root causes and develop solutions.
• Excellent leadership, communication, and collaboration skills.
• Ability to articulate complex technical concepts, both verbal and written to non-technical stakeholders.
• Strong interpersonal skills, with the ability to work with many levels of management and across multiple lines of business and corporate functions.
• Experience managing global teams that include employees and vendors.
• Experience managing vendors driving SLAs.
• Skilled in handling stressful situations with perseverance and professionalism.
• Ability to guide teams through complex issues and drive resolution for issues.
• Ability to build project plans, translate directives, and present project deliverables to upper management.
• Ability to think strategically, balancing long and short-term priorities.
• A high degree of adaptability/flexibility.
• Willingness to challenge business operating models when necessary.

Responsibilities

• Lead the infrastructure protection strategy to create, evolve, and secure our internal Public Key Infrastructure (PKI) and credential management security strategy.
• Create design components, develop code, and test changes using test-driven development methodologies.
• SME and technical lead for Internal Certificate Authority and PKI implementation.
• Provide subject matter expertise in resolving complex problems related to infrastructure and PKI.
• Manage, secure, engineer and provide governance for key and certificate management services, including supporting robust, enterprise-grade Public Key Infrastructure (PKI), certificate lifecycle management (CLCM), infrastructure automation and credential management (CMS) systems.
• Manage hardware security modules (HSMs) and Key Management.
• Implement and maintain an automated certificate renewal program; capture use-cases for certificate revocation, enrollment & renewal processes.
• Monitor creation of encryption keys to ensure they are protected against modification, and private keys are protected against unauthorized disclosure.
• Contribute to the design of new Entra ID infrastructure from PKI perspective.
• Define Trust Strategies and understand security and governance requirements for Certification Authorities.

Preferred Qualifications

• Knowledge in Keyfactor and Entrust products is preferred.
• Relevant certifications (PKI, CISSP, KMS) is a plus.