Technical Cryptography Analyst, Public Key Infrastructure (PKI)

About The Position

Requirements

• 5 years of experience in Information Technology, with a minimum of 3 years focused specifically on Public Key Infrastructure (PKI) administration and support.
• Deep expertise and hands-on experience with in Microsoft CA, NDES,OCSP and Venafi.
• Excellent troubleshooting skills and the ability to diagnose and resolve complex PKI issues.
• Strong communication skills, both written and verbal, with the ability to explain technical concepts clearly.
• Deep understanding of PKI concepts, including X.509 certificates, certificate chains, trust anchors
• Proficiency with SSL/TLS protocols and their application in securing web and network communications.
• Familiarity with relevant security standards and frameworks (e.g., NIST, ISO 27001) and compliance requirements.
• Experience with scripting languages (e.g., PowerShell, Python) for automating PKI-related tasks.

Nice To Haves

• Certifications in Cyber Security (CISSP, CCSP etc.)
• Understanding of industry standards (IST 27001/2, NIST etc.)
• Venafi Certified Administrator (VSA) or Venafi Security Professional (VSP)

Responsibilities

• Manage the full Certificate Lifecycle: Oversee and execute all phases of certificate management, including request processing, generation, issuance, distribution, renewal, replacement, and timely revocation of various certificate types (SSL/TLS, S/MIME, code signing, client authentication, etc.).
• Enforce PKI Policies and Procedures: Ensure strict adherence to established PKI policies, Certificate Practice Statements (CPS), and Certificate Policy (CP) documents.
• Operate and Maintain PKI Infrastructure: Administer and maintain internal Certificate Authorities (CAs), Registration Authorities (RAs), and related components, including hardware and software.
• Troubleshoot and Resolve PKI Issues: Identify, diagnose, and resolve issues related to certificate validity, trust chains, revocation status (CRL, OCSP), key usage, and connectivity problems impacting PKI services.
• Contribute to PKI Design and Implementation: Participate in the design, planning, and implementation of new PKI solutions and enhancements based on evolving business needs and security requirements.
• Ensure PKI Security: Implement and monitor security controls to protect the PKI infrastructure, including securing CA private keys, managing access controls, and monitoring for suspicious activity.
• Maintain Compliance: Ensure the PKI environment meets internal security standards, industry best practices, and relevant regulatory requirements (e.g., privacy laws, industry-specific regulations).
• Key Management: Assist in the secure generation, storage, and management of cryptographic keys involving Hardware Security Modules (HSMs).
• Automate PKI Operations: Develop and implement scripts and tools to automate repetitive PKI tasks, such as certificate issuance, monitoring, and reporting, improving efficiency and reducing manual errors.
• Document PKI Processes: Create and maintain comprehensive documentation for PKI configuration, procedures, policies, and troubleshooting guides.
• Stay Current with PKI Trends: Keep abreast of the latest developments, vulnerabilities, and best practices in the PKI and cryptographic space.

Benefits

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
• Leaders who support your development through coaching and managing opportunities
• Ability to make a difference and lasting impact
• Work in a dynamic, collaborative, progressive, and high-performing team
• A world-class training program in financial services
• Flexible work/life balance options
• Opportunities to do challenging work