Senior Manager, PKI and MFA Engineer and Support

Otis Elevator Co.

13d•Remote

About The Position

Join Otis, a global leader with over 160 years of innovation in elevators, escalators, and people-moving systems. As a standalone, publicly traded company, Otis seeks a PKI and MFA Engineering Specialist and Technical Support professional—preferably based in Latin America—to define and execute strategies for secure, seamless access to business applications. This multifaceted role requires strong management of complex environments, objective-driven focus, and adaptability. The PKI and MFA SME will collaborate with internal and third-party teams, providing subject matter expertise on PKI (MS ADCS) and passwordless MFA (HYPR) support, enhancements, and adoption.

Requirements

Bachelor’s degree in Computer Science, Management of Information Systems, or related discipline, or equivalent experience.
Minimum 10 years’ experience in PKI and MFA technology, engineering, implementation, and use.
At least 10 years in a solution or technical role with on-premises and cloud (IaaS, PaaS, SaaS) platforms.
Experience architecting and supporting PKI for mobile devices.
Experience with Microsoft-centric solutions, claims-based authentication (SAML, OAuth, OIDC), MFA (preferably HYPR), OKTA, and other IDP technologies.
Knowledge of security controls.
Experience or familiarity with FIDO UAF and FIDO2.
Expert troubleshooting and ability to relate new technologies to business needs.
Effective communication skills for diverse business stakeholders.
Deep understanding of application, infrastructure, and security architecture, including performance, scalability, reliability, and availability.
Understanding of MFA, 2FA, IAM technologies, Windows Domain Controllers, and Certificate Services.
Five-plus years of IAM product support or relevant experience.
Ability to build consensus among stakeholders and influence outcomes.
Results-oriented, with a track record of achieving aggressive goals.
Strong quality, time, and scope management within IT.
Solid understanding of IAM principles, IT security needs, and DevOps processes.
Excellent verbal, written, and interpersonal communication skills for all organizational levels.
Ability to adapt and multitask in a fast-paced environment; diligent, disciplined, and reliable.
Strong working knowledge of authentication protocols (OAuth, SAML, RADIUS, TACACS, digital certificates, Kerberos, ADFS, OpenID, FIDO, biometrics).
Familiarity with SQL and NoSQL data stores and their applications.
Willingness to work outside normal hours to support global teams; ability to travel up to 10%.
Experience managing an operational program/vendor team

Responsibilities

Tool Ownership & Subject Matter Expertise
Serve as the primary owner and SME for MFA tools (ie: HYPR) ; act as backup for related IAM tools (e.g., SSO, Okta).
Provide technical leadership and guidance for the MSP supporting both products.
Manage external and internal certificate authorities (Sectigo/Microsoft).
Own and manage the backlog, ensuring work items are clear, testable, and completed on time.
Implement and test new integrations; modify configurations for new entities as needed.
Perform hands-on configuration and technical troubleshooting.
Address both technical and non-technical issues, collaborating with customers and extended teams.
Operational Management
Oversee upgrades, preventative maintenance, and troubleshooting of MFA-related issues.
Serve as the escalation point for critical tickets and high-level issues.
Participate in a 24x7 delivery team, including on-call and weekend work during major incidents.
Provide level 2/3 support for all passwordless MFA and PKI matters.
Highlight themes in operational tickets to identify areas for improvement
Integration & Architecture
Oversee integration of MFA solutions with on-premises and cloud-based IAM products, VPNs, and other authentication mechanisms.
Design and maintain trust architectures for PKI and MFA systems, ensuring secure and seamless user experiences.
Consult with application teams to prevent fraud and mitigate risk.
Evaluate, design, and deploy new PKI use cases.
Monitoring & Reporting
Analyze metrics and KPIs; manage dashboards related to MFA adoption and performance.
Report MFA adoption progress (including passwordless initiatives) to stakeholders.
Ensure monitoring and alerting tools are in place and functioning
Risk Management & Compliance
Lead risk assessments and apply industry best practices for MFA and PKI.
Ensure crypto agility and compliance with certificate lifecycle management standards.
Work toward achieving crypto agility for 47-day TLS certificate expiration.
Write and maintain certificate policies and certification/registration practice statements.
Team Leadership & Communication
Lead meetings with the support team, address conflicts, and escalate issues as needed.
Collaborate with internal and third-party teams to resolve identity-related challenges.
Maintain and update documentation on operational procedures and methodologies.
Partner with other IAM verticals and external infrastructure/application partners.
Strategic Responsibilities
Define and execute strategies aligned with organizational goals.
Develop a roadmap for MFA and PKI enhancements and adoption, including passwordless authentication initiatives.
Help the business navigate identity issues and escalate as appropriate.
Translate business goals into a well-sequenced, adaptable roadmap for IAM evolution.