Identity & Access Management – Associate Principal (PKI Engineering)

About The Position

Requirements

• Bachelor’s degree in technology or engineering
• 12 plus years of overall IT and security experience
• 10 plus of experience of PKI, Cryptography/ Encryption technologies, NHI management and EKCLM
• Proficient in PowerShell scripting, API development and integration
• Good working knowledge of various cloud platforms (Azure, AWS) focused on deployment and integration
• Skilled at collaborating across cross-functional teams and with a multicultural experience
• Teamwork and Leadership/Coaching capabilities
• Good working knowledge of cryptographic and modern auth protocols
• Well versed with Certificate based authentication and device trust
• In depth knowledge of Active Directory Certificate Services (AD CS)
• In depth knowledge of CRL and OCSP and their functionality
• Familiarity with PKI and cryptographic terminology and management
• Hands on experience and Working knowledge of Thales HSM
• Hands on experience and working knowledge of public CA
• Good working knowledge of cloud platforms (Azure and AWS) and SaaS offerings for PKI and EKCLM
• Knowledge of Active Directory domain service
• Knowledge of scripting languages such as PowerShell, API based automation
• Knowledge of ITSM processes like request, incident, change management etc.
• Ability to work as a team player and support cross functional teams
• Results-oriented, able to complete assignments in a timely and accurate manner, and manage multiple priorities
• Adaptable to multi-cultural environment and ways of working across time zones
• Strong oral and written communications skills
• Ability to work within project timelines
• Deliver outcomes with a little supervision, must be a self-starter and self-motivator
• Proactive approach and enthusiasm for problem identification and solving
• Ability to think strategically and suggest creative solutions
• Ability to synthesize complex requirements into simple business practices
• Flexible and able to adapt to changing priorities

Nice To Haves

• Knowledge of CLM tool such as Venafi, AppviewX, Keyfactor added advantage

Responsibilities

• Engineering and solutioning PKI design and cross functional integrations
• Assisting users on submitting SSL certificate requests
• Managing and driving NHI discovery and management
• Working on Incidents, alerts, service requests in ITSM
• Issuing and managing both Internal and external CA certificates using cert management tool
• Assisting users to download the certificate from cert management tool
• Domain management for issuing external (Entrust) SSL certificates.
• Provisioning (pushing SSL certificates into server) of SSL certificates to AWS, Java JKS and Windows servers
• Provide support on installation of SSL certificates in Windows IIS, JAVA JKS, Unix/Linux, Apache, Tomcat, Azure Key vault, AWS ALB/ELB, F5’s etc.
• Provide support on generating a CSR or converting certificate formats using open SSL
• Maintaining data and sending follow up emails on certificates expiry, before they get expired, to avoid warnings and outages
• Preparing and presenting weekly and monthly reports on Service requests, Incidents, and alerts
• Follow up with users for closure of pending tickets.
• Providing end to end operational support to internal customers.
• Managing certificate and key ownership data and keeping it up to date
• Working Knowledge of ITSM process (Request management, change management, Incident management) on tools such as SNOW
• Configuring and managing ADCS, CRL and OCSP Services
• Document all key generation and management activities
• Creating and maintaining CPS, architecture, Process and Run book documents
• Communicate progress, findings, and ensure successful handoff of deliverables to program and operational teams
• Provide detailed project Status to stakeholders
• Collect feedback from stakeholders and users of security capabilities and incorporate that feedback into service

Benefits

• Bonus based on performance and eligibility target payout is 10% of annual salary paid out annually.
• Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
• Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.