As a Public Key Infrastructure (PKI)/Digital Certificate Administrator, you will play an integral role in administering a large-scale cloud-native enterprise working alongside cross-skilled cloud engineers toward common goals to automate and constantly improve the technology security and operations.

Responsibilities:

• Inventory, manage and administer certificates across various teams and use cases:
  • Internal Certificates (Windows PKI, Wireless Network, etc.)
  • Cloud Service Provider Certificates (AWS, Azure, etc.)
  • External Certificates (Digicert, GoDaddy, etc.)
  • 3rd Party Managed Certificates (Fiserv, Bottomline, etc.)
  • APIs / Integrations (MuleSoft, etc.)
  • Code Signing / DEV Use Cases
  • Platform Specific Certificates (ServiceNow, Salesforce, etc.)
• Associate security certificates with corresponding dependent systems within the CMDB
• Lead efforts in the acquisition of new and renewal of existing certificates
• Create, review, and process all documentation needed for certificate requests, modifications, renovations or rekeys.
• Reviews the documentation that formally authorizes individuals to manage, submit and receive PKI certificate request to ensure it is up to date and accurate.
• Maintain and administer any local Certificate Authority, and intermediary Certificate Authority.
• Manages, distributes and maintains inventory of all PKI hard tokens.
• Administration of Windows Active Directory Services including CA, Certificate Enrollment Web Services, Certificate Enrollment Policy Web Service, and Internet Information Services (IIS).
• Establish security best practices/ upgrades and is responsible for the overall health of PKI Infrastructure
• Identify certificate management process and infrastructure gaps and implement process improvements to increase operational reliability
• Develop Dashboards for alerting and monitoring to ensure awareness of certificate renewal, expiration, usage, etc.
• Participating in production support and on-call rotations
• Participate in incident management and contribute to associated retrospective/post-mortem as needed
• Participating in Agile Sprints and associated ceremonies

Qualifications:

• Strong understanding of PKI certificate management with expertise with Certificate Lifecycle management toolsets such as ServiceNow Certificate Module Sectigo, Venafi, etc.
• Experience with Amazon Certificate Manager (ACM) and Azure Key Vault
• PKI experience including hands on experience with:
  • Certificate Authority Administration
  • Certificate Enrollment Web Service & Policy Web Service
  • Active Directory Certificate Services (ADCS) monitoring
• Expertise in the understanding of PKI concepts (infrastructure & architecture)
• Experience implementing PKI in software engineering environments for purposes of code signing, API security, etc.
• Good understanding of CMDB, ITOM (IT Operations Management), Event Management
• Understanding of Microsoft Active Directory, LDAP, WSUS, group policies, and DNS
• Understanding of PKIX, PKCS, SSL, TLS, S/MIME standards
• Passion for finding and improving efficiencies with infrastructure, development and deployment automation
• Strong knowledge of build, release, and configuration management practices
• Understanding of and experience with the five pillars of a well-architected frameworks
• Knowledge of information security/governance controls
• Experience with ServiceNOW and the ServiceNOW Certificate Management component a plus
• Experience with operational monitoring tools, such as New Relic, Datadog, Splunk, Sumo Logic, and/or Prometheus is a plus
• Experience with KMS (key management) and/or HSM technologies is a plus
• Strong scripting experience requirement (Python, Java Scripting or PowerShell) a plus
• Strong communication and collaboration skills
• Ability to effectively mentor team members/direct reports
• Strong customer service skills