ENCORE - PKI Senior Security Engineer

About The Position

Requirements

• Bachelor’s Degree or higher in Information Systems or related field.
• 2+ years of hands-on experience with PKI, such as familiarity with Venafi, Microsoft’s ADCS, Entrust, DigiCert applications, including running expiration reports.
• 4+ years of Linux systems administration including package management
• 4+ years of scripting experience such as Ansible, bash, PowerShell or Python is preferred.
• Proficient in PKI technologies, including code signing, Certificate Revocation Lists (CRL), Certificate Enrollment Policy/Services (CEP/CES), and Network Device Enrollment Service (NDES).
• Extensive knowledge of SSL/TLS, public/private certificate signatures, cryptographic algorithms, certificate authorities and truststores.
• Working knowledge of TCP/IP networking/routing concepts and familiarity with firewalls, hubs, routers, switches, DNS, gateways and F5 load balancers.
• Proficiency in both UNIX and Windows systems with ability to navigate, search, determine ownership, execute certificate related commands, etc.
• Familiarity with general tools such as Java Keytool, Keystore Explorer, OpenSSL and Putty.
• Strong organizational skills.
• Ability to prioritize, plan and perform multiple tasks simultaneously, including tracking the status of multiple certificates without losing focus.
• Able to self-start and work independently in a self-directed manner in complex, dynamic, large scale, multi-platform distributed middleware environments with minimal direction.
• Advanced detail-oriented problem-solving skills and the ability to build relationships and work collaboratively with other departments to resolve complex issues with innovative solutions.
• Demonstrated ability to quickly learn and communicate concepts and ideas effectively both verbally and in writing across all levels of the organization
• Possesses strong customer service focus with a willingness to accommodate deadlines, including implementing after-hour change requests on a rotational basis.
• If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.

Nice To Haves

• Security related industry certification is a plus.
• Experience configuring and troubleshooting web, application, and middleware technologies is a plus.
• Familiarity with healthcare or PBM industry is helpful.

Responsibilities

• Architect, deploy, and maintain Microsoft ADCS, including configuration, policy enforcement, and integration with enterprise systems for secure identity and encryption services.
• Expertise in Venafi for certificate lifecycle management and policy enforcement.
• Administer Luna and nCipher Hardware Security Modules (HSMs).
• Develop and enforce certificate policies, standards, and governance frameworks.
• Collaborate with cybersecurity, infrastructure, and application teams to integrate PKI solutions across platforms.
• Provides deep dive cert troubleshooting expertise on escalation calls and production support calls.
• Ensure compliance with regulatory and organizational security requirements (e.g., FIPS, NIST).
• Participates in regular key production activities including annual CRL publishing and root key ceremonies.
• Govern DigiCert and Sectigo external Certificate Authorities.
• Assists with product roadmap.
• Reports progress using data-driven metrics.