Key Responsibilities
The PKI Designer/Architect role provides the opportunity to work in a highly complex, global organization to design, develop, and deploy new or enhanced PKI and certificate lifecycle services to support the business with innovative solutions. The position offers the candidate the ability to work within a large-scale, highly available, and secure set of technologies to support delivery of PKI and certificate lifecycle services to the business. While PKI services and certificate management services must be highly secure, consistent, and reliable, the designer/architect will also drive services designed to provide or integrate with automated certificate provisioning services.
You must be able to:
- Partner with all stakeholders and external vendors to design, develop, deploy and support the best possible solution to meet our business needs.
- Assess, collect and define business requirements with a view to using them for a target certificate management solution.
- Communicate design approaches and recommendations effectively to gain stakeholder approvals and agreements
- Coordinate design activities across multiple teams and services to ensure successful completion of complex projects
- Develop both technical and functional solutions that integrate with business processes
- Develop design artifacts from HLD and LLD to Key Certificate Ceremony, CA policies and Online/Offline Root CA Operations.
- Have proven experience in the design, implementation and operation of a number of PKI and Certificate Management vendors including, but not limited to, Thales HSMs, EJBCA KeyFactor PKI, AppViewX Certificate Lifecycle Management, Microsoft CA and AWS Certificate Management
- Have proven design, implementation and operational experience across PKI certificate enrolment and verification technologies, from CMP, SCEP, EST and ACME to OCSP, Intune, and Python scripting
- Design innovative solutions that address key lifecycle management functions to support the needs of the business
What you'll bring:
- Minimum 5 years’ experience working in a technical PKI architectural design role (such as Enterprise Design Architect, Application Design Architect, Solution Architect)
- Experience in PKI design and delivery: from High Level Design to Low Level Design and implementation.
- Experience with key PKI technologies such as EJBCA PKI, AppViewX+ Certificate Lifecycle, Microsoft Active Directory Certificate Services, AWS Private CA, including Thales Luna Hardware Security Modules (HSMs)
- Domain knowledge and experience on associated cryptographic protocols, services, and standards
- Experience with PKI implementation processes
- Experience with PKI integrations: CMP, SCEP, EST, ACME, REST API and other certificate enrolment practices
- Experience with Certificate Life Cycle management/operations and automated certificate deployment.
- Experience with DNS, Active Directory, ADCS, CRL, OCSP
- Experience with certificate request and issuance processes integrating to ServiceNow automation
- Programming and/or script development experience (e.g. Python and Terraform)
- Implement new automation code for servers, applications, configurations and cloud management (ton or other types of scripting)
- Knowledge of networking technologies, internetworking devices and protocols such as TCP/IP, HTTP, SSL/TLS, DNS, SMTP etc. is mandatory.
- Intermediate level knowledge of Docker, Kubernetes.
- A proactive approach to spotting problems, areas for improvement, and fixing performance bottlenecks.
- Experience in technical engineering / design of SaaS environments is a plus
- Experience in CI-CD technologies such as Ansible, Jenkins
- Creating complex technical designs and diagrams using diagram and vector graphics applications (Visio, Lucidchart, etc.)
- Exceptional communication skills, both oral and written, coupled with excellent listening skills
- Hands-on experience with:
  - PKI and Certificate deployment and automation.
  - Kubernetes, Docker – certificate integrations
  - Thales HSMs
  - Linux command line / Windows server management
  - Apache, IIS - application expertise
  - Database management/configuration (SQL, MySQL, Mongo)
More about the role:
The PKI Designer/Architect role drives complex design, development, and implementation activities to provide certificate management (PKI and Certificate Lifecycle) related services to the business across a large set of digital certificate use cases. The role focuses on the strategic greenfield delivery of a PKI and Certificate Lifecycle as well as the onboarding and management of the X.509 certificates across our Telco estate.
The role is aligned to a number of vendors including, but not limited to Thales HSMs, EJBCA KeyFactor PKI, AppViewX Certificate Lifecycle Management, Microsoft CA and AWS Certificate Management.
A successful candidate would be a highly motivated and performance-oriented individual who can develop future state visions and successfully drive measurable improvement in delivery of PKI services. The candidate should be able to clearly communicate with all levels of stakeholders from technical up through executive level sponsors. We have a culture of high-performance teams and successful candidates should have strong technical skills but also be team-oriented.