Primary Responsibilities • Enterprise PKI Architecture — Define and maintain PKI architecture, including CA hierarchy, trust models, certificate policies, and security controls. • CA/RA Governance — Oversee Certificate Authority and Registration Authority operations, ensuring secure issuance, renewal, and revocation processes. • Cryptographic Standards Management — Establish and enforce cryptographic policies, key management procedures, algorithm standards, and HSM governance. • Infrastructure Security — Ensure secure deployment of PKI components, including OCSP, CRL distribution, offline root CA protection, and high-availability configurations. • Integration & Enablement — Integrate PKI with enterprise systems such as IAM, TLS/SSL, MDM, IoT, cloud platforms, and internal applications. • Risk, Audit & Compliance — Conduct PKI risk assessments, support internal/external audits, and ensure compliance with NIST, ISO 27001, and regulatory requirements. • Documentation & Policy Development — Develop and maintain CP/CPS documents, architecture diagrams, operational procedures, and governance frameworks. • Incident Response Support — Provide expertise during cryptographic incidents, certificate failures, or trust-related security events.
Required Qualifications • Cryptography Expertise — Deep understanding of X.509, PKCS standards, OCSP, CRL, key algorithms, and secure key lifecycle management. • PKI Platform Experience — Hands-on experience with enterprise PKI systems, HSMs, CLM tools, and CA/RA operations. • Security Framework Knowledge — Familiarity with NIST 800-53, ISO 27001/2, and cryptographic compliance requirements. • Automation & Scripting — Proficiency in PowerShell, Python, or Shell scripting for PKI automation and operational efficiency. • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related discipline.