Sr Technical Lead

About The Position

Requirements

• Strong working knowledge of PKI and the X.509 certificate standard: certificate lifecycle, CAs, chains of trust, key management, and revocation (CRL/OCSP).
• Hands-on integration experience with certificate management or PKI tooling.
• Experience automating certificate provisioning across heterogeneous systems (Linux, Windows, cloud, network devices, Kubernetes).
• Proficiency with at least one scripting or programming language for automation and integration work (Python, Go, or similar).
• Familiarity with secrets management and how certificates fit alongside it.
• Experience leading technical delivery: setting architecture, reviewing work, and bringing a team along.

Nice To Haves

• Direct experience with Zero Touch PKI and CyberArk Certificate Manager (formerly Venafi) is a strong plus.
• Experience with ACME and automated enrollment protocols.
• Knowledge of mTLS and service-to-service certificate use in microservice environments.
• Cloud-native certificate services (AWS ACM/Private CA, Azure Key Vault, or GCP equivalents).
• Background in a regulated or audited environment.

Responsibilities

• Design the target-state architecture for centralized certificate lifecycle management (issuance, renewal, revocation, discovery, inventory).
• Integrate Zero Touch PKI and CyberArk Certificate Manager with existing systems, CAs, and secrets infrastructure.
• Build automation for certificate provisioning and renewal so that manual touchpoints and outage-causing expirations go away.
• Establish certificate discovery and inventory across servers, load balancers, app services, and network devices, parsing X.509 fields like SAN and key usage to validate and dedupe what's found.
• Define standards for certificate policy, key types, validity periods, and rotation.
• Work with platform, security, and application teams to onboard their systems onto the central platform.
• Set up monitoring and alerting for expirations, policy violations, and integration failures.