Architect Design & Implem. Specialist

About The Position

Requirements

• Bachelor's or master’s degree in computer science, Information Security, or a related technical field.
• 6+ years of hands-on experience with Microsoft Active Directory Certificate Services (AD CS) -OR Equivalent platform, including design, deployment, and troubleshooting of Certificate Authorities (CAs), Online Responders (OCSP), and Network Device Enrollment Service (NDES).
• 3+ years of expertise in certificate lifecycle management (CLM) platforms (e.g., Venafi, AppViewX, Keyfactor) and Hardware Security Modules (HSMs) (e.g., Thales, nCipher, Utimaco).
• 5+ years of proven track record of successfully delivering complex PKI projects in large-scale enterprise environments.
• 5+ years of experience driving products from concept and ideation through successful launch.
• 5+ years of experience working on a team employing standardized project delivery methods (Agile/Scrum development methods preferred).
• 5+ years of experience in understanding and working with non-functional requirements.
• 5+ years of experience of working in an enterprise environment.
• Proficiency in PowerShell for AD Certificate Services administration and automation; experience with Python for security tool development is a plus.
• Knowledge of (functional) testing methodologies and tools, including test automation.
• Root cause analysis, debugging methods, and diagnostic tools.
• knowledge of Databases and query language (e.g., SQL).
• Knowledge of modern operating systems (especially but not limited to MS Windows and Unix/Linux derivates).
• IT Security and risk assessment.
• Knowledge of certificate lifecycle management and Public Key Infrastructure.

Responsibilities

• Architects and deploys Microsoft Active Directory Certificate Services (AD CS) components, including Certificate Authorities (CAs), Online Responders (OCSP), Certificate Revocation Lists (CRLs) and Network Device Enrollment Service (NDES).
• Manages the full certificate lifecycle using advanced Certificate Lifecycle Management (CLM) platforms and Hardware Security Modules (HSMs).
• Develops and implements automation scripts (PowerShell, Python) for PKI operations, certificate issuance, revocation, and monitoring.
• Implements proof of concepts for PKI solutions.
• Provides expert-level (Tier 3) support for complex PKI and Certificate Management incidents, performing root cause analysis and implementing permanent solutions.
• Collaborates with cross-functional teams, including Product Owners, DevOps, and IT Security, to integrate PKI solutions into various applications and services.
• Contributes to the overall security architecture, providing expert guidance on cryptographic standards, key management, and secure communication protocols.
• Conducts comprehensive risk assessments for PKI deployments and develops mitigation strategies to ensure compliance with industry regulations and internal security policies.
• Creates and maintains high-quality technical documentation, including design specifications, operational procedures, and test plans.
• Conducts research on existing systems and devise solutions that work within those systems.
• Responds to questions regarding PKI and Certificate Management capabilities and requirements.
• Maintains a high-level understanding of the organization's IT-Security processes and requirements.
• Works on the delivery of DevOps User Stories within specified functional area(s).
• Supports the roll-out and operation of global Public Key Infrastructure (PKI) and Certificate Management initiatives within the Group for multiple departments and all global locations.
• Understands and models VPS (Value Added Production System) Principles and concepts of Standard Work and Problem Solving.
• Adheres to 5S and Safety Standards and Principles.
• Performs other duties as assigned by Group Operations Supervisor