IAM Senior Engineer Public Key Infrastructure (PKI)

About The Position

Requirements

• Bachelor’s degree in Computer Science, Engineering, or related field (or equivalent experience).
• 10+ years in IT or Cybersecurity, with 8+ years focused on PKI, cryptography, or identity security engineering.
• Proven hands-on experience with Microsoft Active Directory Certificate Services (ADCS) and enterprise PKI management.
• Strong understanding of X.509, TLS/SSL, OCSP, CRL, HSM, and certificate policy frameworks.
• Experience with DigiCert ONE, or similar certificate lifecycle automation tools like Venafi, AppViewX..
• Understanding of hardware root of trust, secure boot, and device identity models.
• Experience automating certificate issuance and renewal using PowerShell, Python, or API-based workflows.
• Familiarity with cloud-native certificate services (AWS PCA, Azure Key Vault, Google CA Service) and FIDO2/WebAuthn implementations.
• Knowledge of integrating PKI with Identity and Access Management (IAM), Privileged Access Management (PAM), and Secrets Management platforms.
• Solid understanding of Zero Trust principles, encryption standards, and cryptographic lifecycle management.
• Exposure to DevSecOps pipelines and CI/CD integration for code signing.
• Certifications such as CISSP, CCSP, Microsoft Cybersecurity Architect, or GIAC GCLD/GMOB/GCWN.

Responsibilities

• Design, deploy, and maintain enterprise PKI architectures supporting both on-premises and cloud environments (ADCS, AIA/CRL, OCSP, HSM, Root/Issuing CAs).
• Implement certificate lifecycle automation and governance for servers, endpoints, IoT, and application workloads.
• Lead modernization of PKI services to support phishing-resistant authentication (FIDO2, smartcards, device certificates, mutual TLS, etc.).
• Integrate PKI with IAM solutions such as Entra ID, Okta, CyberArk, and HashiCorp Vault for secure credential and key management.
• Manage and maintain Hardware Security Modules (HSMs) and key escrow solutions for signing and encryption workloads.
• Support code signing, device identity, and TLS/SSL certificate issuance in alignment with enterprise standards.
• Define and enforce policies, procedures, and security controls for key and certificate usage, issuance, and renewal.
• Collaborate with security operations and compliance teams to ensure audit readiness, incident response, and certificate-related risk mitigation.
• Provide technical leadership, mentoring, and SME support to IAM and platform engineering teams.

Benefits

• Health & Wellbeing We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.
• Personal & Professional Development We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.
• Unconditional Inclusion We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.