PKI Design Architect - INSIDE IR35

  • Contract 120 days
  • £640 - £670 (GBP) / day
  • Isleworth, England, United Kingdom
    and remote
  • 27 Mar 2023

Description

Key Responsibilities
The PKI Designer/Architect role provides the opportunity to work in a highly complex, global organization to design, develop, and deploy new or enhanced PKI and certificate lifecycle services to support the business with innovative solutions. The position offers the candidate the ability to work within a large-scale, highly available, and secure set of technologies to support delivery of PKI and certificate lifecycle services to the business. While PKI services and certificate management services must be highly secure, consistent, and reliable, the designer/architect will also drive services designed to provide or integrate with automated certificate provisioning services.

You must be able to:

  • Partner with all stakeholders and external vendors to design, develop, deploy and support the best possible solution to meet our business needs.  
  • Assess, collect and define business requirements with a view to their use in a target certificate management solution.
  • Communicate design approaches and recommendations effectively to gain stakeholder approvals and agreements
  • Coordinate design activities across multiple teams and services to ensure successful completion of complex projects 
  • Develop both technical and functional solutions that integrate with business processes 
  • Develop design artifacts from HLD and LLD to Key Certificate Ceremony, CA policies and Online/Offline Root CA Operations.
  • Have proven experience in the design, implementation and operation of a number of PKI and Certificate Management vendors including, but not limited to, Thales HSMs, EJBCA KeyFactor PKI, AppViewX Certificate Lifecycle Management, Microsoft CA and AWS Certificate Management
  • Have proven design, implementation and operational experience across PKI certificate enrolment and verification technologies, from CMP, SCEP, EST and ACME to OCSP, Intune, and Python scripting
  • Design innovative solutions that address key lifecycle management functions to support the needs of the business 

What you'll bring:

  • Minimum 5 years’ experience working in a technical PKI architectural design role (such as Enterprise Design Architect, Application Design Architect, Solution Architect)
  • Experience in PKI design and delivery: from High Level Design to Low Level Design and implementation.
  • Experience with key PKI technologies such as EJBCA PKI, AppViewX+ Certificate Lifecycle, Microsoft Active Directory Certificate Services, AWS Private CA, including Thales Luna Hardware Security Modules (HSMs)
  • Domain knowledge and experience of associated cryptographic protocols, services, and standards
  • Experience with PKI implementation processes
  • Experience with PKI integrations: CMP, SCEP, EST, ACME, REST API and other certificate enrolment practices
  • Experience with Certificate Life Cycle management/operations and automated certificate deployment.
  • Experience with DNS, Active Directory, ADCS, CRL, OCSP
  • Experience with certificate request and issuance processes integrating to ServiceNow automation
  • Programming and/or script development experience (e.g. Python and Terraform)
  • Implement new automation code for server, applications, configurations and cloud management (ton or other types of scripting)
  • Knowledge of networking technologies, internetworking devices and protocols such as TCP/IP, HTTP, SSL/TLS, DNS, SMTP etc. is mandatory.
  • Intermediate level knowledge of Docker, Kubernetes.
  • A proactive approach to spotting problems, areas for improvement, and fixing performance bottlenecks.
  • Experience in technical engineering / design of SaaS environments is a plus
  • Experience in CI-CD technologies such as Ansible, Jenkins
  • Creating complex technical designs and diagrams using diagram and vector graphics applications (Visio, Lucidchart, etc.)
  • Exceptional communication skills, both oral and written, coupled with excellent listening skills
  • Hands on experience with:

    - PKI and Certificate deployment and automation.
    - Kubernetes, Docker – certificate integrations
    - Thales HSMs
    - Linux command line / Windows server management
    - Apache, IIS - application expertise
    - Database management/configuration (SQL, MySQL, Mongo)

More about the role:

The PKI Designer/Architect role drives complex design, development, and implementation activities to provide certificate management (PKI and Certificate Lifecycle) related services to the business across a large set of digital certificate use cases. The role focuses on the strategic greenfield delivery of a PKI and Certificate Lifecycle as well as the onboarding and management of the X.509 certificates across our Telco estate.
The role is aligned to a number of vendors including, but not limited to, Thales HSMs, EJBCA KeyFactor PKI, AppViewX Certificate Lifecycle Management, Microsoft CA and AWS Certificate Management.

A successful candidate would be a highly motivated and performance-oriented individual who can develop future state visions and successfully drive measurable improvement in delivery of PKI services. The candidate should be able to clearly communicate with all levels of stakeholders from technical up through executive level sponsors. We have a culture of high-performance teams and successful candidates should have strong technical skills but also be team oriented.

Skills

  • Business Activities: Root Cause Analysis, Stakeholder Management
  • Design & Prototyping Tools: Lucidchart, Visio
  • Environments: Software as a service (SaaS)
  • IT Infrastructure Expertise: Active Directory, PKI, Solution Architecture
  • IT Infrastructure Products: A10 Networks Application Delivery Controllers (ADCs), Amazon AWS, Docker, Kubernetes, Linux, Microsoft Internet Information Services (IIS), MySQL, ServiceNow
  • IT Infrastructure Technologies & Protocols: DNS, HTTP, SCEP, SMTP, SSL, TCP/IP, TLS
  • IT Network Expertise: Architecture, Network Design
  • IT Security Expertise: Architecture and Design, Hardware Security Modules (HSMs)
  • Programming Languages & Frameworks: Ansible, Python, SQL
  • Software Development Tools: Apache, Jenkins, MongoDB, Terraform

Industry Experience

Media & Broadcasting company - TV, Music, Movies, Radio, Entertainment