Security Track Consultant

HEXAWARE

5h•Onsite

About The Position

Hexaware is a dynamic and innovative IT organization committed to delivering cutting-edge solutions to our clients worldwide. We pride ourselves on fostering a collaborative and inclusive work environment where every team member is valued and empowered to succeed. Hexaware provides access to a vast array of tools that enhance, revolutionize, and advance professional profile. We complete the circle with excellent growth opportunities, chances to collaborate with highly visible customers, chances to work alongside bright brains, and the perfect work-life balance. With an ever-expanding portfolio of capabilities, we delve deep into and identify the source of our motivation. Although technology is at the core of our solutions, it is still the people and their passion that fuel Hexaware’s commitment towards creating smiles. At Hexaware we encourage to challenge oneself to achieve full potential and propel growth. We trust and empower to disrupt the status quo and innovate for a better future. We encourage an open and inspiring culture that fosters learning and brings talented, passionate, and caring people together. We are always interested in, and want to support, the professional and personal you. We offer a wide array of programs to help expand skills and supercharge careers. We help discover passion—the driving force that makes one smile and innovate, create, and make a difference every day.

Requirements

8–12+ years in IAM/security operations, platform operations, or security engineering with strong focus on cryptographic services.
Hands-on experience managing certificate lifecycle at scale and preventing certificate expiry incidents.
Strong knowledge of: PKI concepts (CAs, CRLs/OCSP, certificate chains, mTLS), Key management practices (rotation, escrow policies, separation of duties), HSM/KMS/Secrets platforms (enterprise or cloud-based).
Strong incident management and RCA experience in production environments.

Responsibilities

Lead the IAM Keychain Operations team, providing direction, coaching, performance management, and workload prioritization.
Own operational KPIs/SLAs/SLOs for key and certificate services (availability, turnaround time, renewal success rate, incident reduction).
Oversee end-to-end lifecycle management for: TLS/SSL certificates (issuance, renewal, revocation, rotation), Encryption/signing keys (generation, storage, rotation, decommissioning), Secrets management (application secrets, API keys, tokens where applicable).
Ensure secure key handling practices aligned with enterprise standards (HSM-backed keys where required).
Manage integrations with PKI, internal/external CAs, HSMs, KMS platforms, and secret vault technologies.
Ensure adherence to security policies and regulatory requirements (e.g., PCI-DSS, SOX, ISO 27001, SOC2—based on company context).
Drive periodic access reviews, audit evidence collection, and remediation of findings.
Partner with Security Architecture/GRC teams to implement controls and reduce cryptographic and identity-related risk.
Act as escalation lead for major incidents related to certificates, keys, HSM/KMS, or secret vault outages.
Lead root cause analysis (RCA) and implement preventive actions to reduce recurrence.
Govern changes through CAB/Change Management processes, ensuring minimal disruption and strong rollback planning.
Identify opportunities to automate certificate renewals, key rotations, provisioning workflows, and reporting.
Drive infrastructure-as-code and CI/CD enablement for keychain services.
Improve observability: monitoring, alerting, dashboards, and proactive expiry/rotation notifications.
Partner with application teams, platform engineering, cloud teams, and security teams to onboard services and ensure best practices.
Manage vendor relationships (CA providers, HSM vendors, KMS providers) including support escalations and roadmap alignment.
Communicate operational status, risks, and roadmap progress to leadership.