Cloud PKI Automation Engineer

Bank of America•Addison, IL

2d•Onsite

About The Position

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work and providing a culture of caring is core to how we drive Responsible Growth. We are intentional about fostering an inclusive workplace where every teammate has the opportunity to succeed, build a career and contribute to our shared success. This includes attracting and developing exceptional talent, recognizing and rewarding performance, and supporting our teammates’ physical, emotional, and financial wellness through affordable, competitive and flexible benefits. We value the unique perspectives individuals bring from all backgrounds and career paths - whether shaped by military service, community college education, or a wide range of work and life experiences. These journeys foster resilience, leadership and innovation, strengthening our workforce and positively impact the communities we serve. Bank of America is committed to an in-office culture that supports collaboration, engagement, and career development. Our approach includes clear in-office expectations, while providing an appropriate level of flexibility based on role-specific responsibilities and business needs. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Job Description: T We are seeking a Cloud PKI Automation Engineer to support and enhance Public Key Infrastructure (PKI) and certificate‑based security services within an enterprise environment. This role focuses on the implementation, configuration, and support of certificate platforms, enrollment services, and secure communications used by applications and infrastructure systems. The ideal candidate has a strong foundation in PKI technologies, certificate enrollment protocols, and Linux/Windows environments, and is comfortable contributing to engineering solutions under guidance while continuing to build depth and independence. Why This Role Matters This position supports the foundation of enterprise trust by ensuring certificate and PKI services operate reliably and securely on premise and in the cloud. The work helps protect system boundaries, enable secure connectivity, and reduce operational risk across critical platforms.

Requirements

5+ years of experience in systems engineering, security engineering, or infrastructure roles.
Working knowledge of PKI concepts, certificate authorities, and digital certificates.
Hands‑on experience with certificate enrollment protocols (e.g., SCEP, EST, ACME) in operational or engineering contexts.
Experience troubleshooting TLS authentication failures, certificates, and secure communications in Linux and Windows environments.
Proficiency in at least one programming or scripting language (e.g., Java, Python, Shell).
Familiarity with Linux‑based systems supporting security or infrastructure services.
Ability to follow established engineering standards while identifying opportunities for improvement.
Strong analytical skills and a methodical approach to problem solving.
Clear written and verbal communication skills.

Nice To Haves

Exposure to containerized or virtualized platforms such as Docker, Kubernetes, or VMware.
Experience supporting or integrating PKI gateway services or enrollment services.
Familiarity with networking fundamentals relevant to secure certificate transport.
Experience working within Agile or structured engineering environments.

Responsibilities

Support the design, configuration, and operation of enterprise PKI systems, including certificate authorities and supporting services.
Implement and maintain certificate enrollment services and protocols such as SCEP, EST, ACME, CMPv2, and related mechanisms.
Assist with certificate lifecycle management (issuance, renewal, revocation) to ensure reliability and availability of secure services.
Troubleshoot PKI, TLS, and certificate‑related issues, escalating complex design matters as appropriate.
Support certificate services deployed across on‑premises, virtualized, and hybrid environments.
Contribute to automation, scripts, or tooling enhancements that improve operational efficiency.
Participate in testing, release support, and defect resolution for PKI‑related platforms and services.
Collaborate with senior engineers, architects, and operations teams to implement approved designs.
Maintain documentation, runbooks, and configuration standards for supported systems.