Senior PKI Platform Administrator

About The Position

Requirements

• Bachelor’s Degree in Computer Science, Information Systems or a related field required
• Professional certifications such as CISSP, CISM, GIAC or CCSP required.
• Five to eight years of related experience or an equivalent combination of education, training and experience required.
• Extensive knowledge of Cryptographic Principles: Strong foundational understanding of Public Key Infrastructure (PKI), technologies, and best practices.
• Certificate Lifecycle Management (CLM): Hands-on experience using modern, enterprise-grade CLM platforms and managing public/private Certificate Authority integrations.
• Infrastructure & Networking: Solid understanding of network protocols (TLS/SSL, HTTPS, DNS, TCP/IP) and how certificates are utilized by enterprise infrastructure components like load balancers, web servers, and firewalls.
• Excellent leadership and communication skills, with the ability to effectively communicate complex technical concepts to stakeholders at all levels.
• Must have good customer service and time management skills.
• Ability to develop solutions to a variety of complex problems, and reference established precedents and policies.
• Proficiency in at least one scripting language (e.g., PowerShell, Python, or Bash) to interact with REST APIs and automate configuration tasks.
• Experience with CI/CD tools, infrastructure-as-code (IaC) pipelines, or configuration management tools as they relate to deploying secrets or machine identities.
• Familiarity with Enterprise Directory Services, Cloud Identity Providers, or localized Secrets Management tools.

Responsibilities

• Act as the primary administrator, subject matter expert, and product owner for the enterprise Certificate Lifecycle Management (CLM) portal and integrated Public Certificate Authority (CA) infrastructure.
• Manage user access control, tenant health, role-based permissions (RBAC), and certificate templates within the centralized management platform.
• Oversee Public Domain Control Validation (DCV) processes with external CAs to ensure seamless, automated issuance of public-facing certificates.
• Monitor platform consumption metrics, API health, and certificate credit pools to optimize licensing and enterprise spend.
• Provide strategic leadership in the development and execution of certificate lifecycle management.
• Collaborate with senior stakeholders to align PKI initiatives with organizational goals and objectives.
• Stay updated with emerging PKI related trends, threats, and technologies to provide expert guidance and recommendations.
• Deploy, configure, and maintain localized platform orchestration tools and agents across enterprise networks to facilitate automated certificate lifecycle actions.
• Partner with Application, DevOps, and Infrastructure teams to provide secure API endpoints, SDKs, and documentation for integrating certificate issuance into CI/CD pipelines (e.g., automated build tools, configuration management scripts).
• Standardize and publish automated enrollment mechanisms (such as ACME protocols, enrollment gateways, or MDM integrations) for cloud workloads, containers, and enterprise endpoints.
• Act as a consultative architectural resource for internal teams designing custom or legacy system integrations with the central PKI platform.
• Partner with the Risk/GRC team to translate corporate security policies into automated technical controls and templates within the CLM platform.
• Conduct regular certificate discovery scans to identify, inventory, and remediate "rogue" or non-compliant certificates across the enterprise footprint.
• Coordinate and execute emergency certificate revocation workflows and incident response protocols in the event of a private key compromise.
• Maintain audit readiness by generating compliance reports, reviewing access logs, and proving adherence to industry frameworks (e.g., SOC2, PCI-DSS).
• Troubleshoot tier-3 platform-specific issues, including orchestration agent disconnects, API failures, or CA synchronization errors.
• Provide reference blueprints, documentation, and "self-service" training materials to empower application owners to manage their own local certificate installations and troubleshooting.
• Other duties and responsibilities as assigned.