As a Public Key Infrastructure (PKI)/Digital Certificate Administrator, you will play an integral role in administering a large-scale cloud-native enterprise, working alongside cross-skilled cloud engineers toward common goals to automate and constantly improve technology security and operations.
Responsibilities:
- Inventory, manage and administer certificates across various teams and use cases:
  - Internal Certificates (Windows PKI, Wireless Network, etc.)
  - Cloud Service Provider Certificates (AWS, Azure, etc.)
  - External Certificates (Digicert, GoDaddy, etc.)
  - 3rd Party Managed Certificates (Fiserv, Bottomline, etc.)
  - APIs / Integrations (MuleSoft, etc.)
  - Code Signing / DEV Use Cases
  - Platform Specific Certificates (ServiceNow, Salesforce, etc.)
- Associate security certificates with corresponding dependent systems within the CMDB
- Lead efforts in the acquisition of new and renewal of existing certificates
- Create, review, and process all documentation needed for certificate requests, modifications, renovations or rekeys.
- Review the documentation that formally authorizes individuals to manage, submit and receive PKI certificate requests to ensure it is up to date and accurate.
- Maintain and administer any local Certificate Authority, and intermediary Certificate Authority.
- Manage, distribute and maintain an inventory of all PKI hard tokens.
- Administer Windows Active Directory Services including CA, Certificate Enrollment Web Services, Certificate Enrollment Policy Web Service, and Internet Information Services (IIS).
- Establish security best practices/upgrades and be responsible for the overall health of the PKI infrastructure
- Identify certificate management process and infrastructure gaps and implement process improvements to increase operational reliability
- Develop dashboards for alerting and monitoring to ensure awareness of certificate renewal, expiration, usage, etc.
- Participate in production support and on-call rotations
- Participate in incident management and contribute to associated retrospective/post-mortem as needed
- Participate in Agile Sprints and associated ceremonies
Qualifications:
- Strong understanding of PKI certificate management, with expertise in Certificate Lifecycle management toolsets such as ServiceNow Certificate Module, Sectigo, Venafi, etc.
- Experience with Amazon Certificate Manager (ACM) and Azure Key Vault
- PKI experience including hands-on experience with:
  - Certificate Authority Administration
  - Certificate Enrollment Web Service & Policy Web Service
  - Active Directory Certificate Services (ADCS) monitoring
- Expertise in the understanding of PKI concepts (infrastructure & architecture)
- Experience implementing PKI in software engineering environments for purposes of code signing, API security, etc.
- Good understanding of CMDB, ITOM (IT Operations Management), Event Management
- Understanding of Microsoft Active Directory, LDAP, WSUS, group policies, and DNS
- Understanding of PKIX, PKCS, SSL, TLS, S/MIME standards
- Passion for finding and improving efficiencies with infrastructure, development and deployment automation
- Strong knowledge of build, release, and configuration management practices
- Understanding of and experience with the five pillars of a well-architected framework
- Knowledge of information security/governance controls
- Experience with ServiceNow and the ServiceNow Certificate Management component is a plus
- Experience with operational monitoring tools, such as New Relic, Datadog, Splunk, Sumo Logic, and/or Prometheus is a plus
- Experience with KMS (key management) and/or HSM technologies is a plus
- Strong scripting experience (Python, JavaScript or PowerShell) is a plus
- Strong communication and collaboration skills
- Ability to effectively mentor team members/direct reports
- Strong customer service skills