Work Schedule: First Shift (Days)
Environmental Conditions: Office
Job Description
IT Security Engineer III - Credential Hardening & Certificate Management
Frederick, MD · Full-time
About the Role
This position is with Thermo Fisher Scientific, an inclusive employer and a member of myGwork -- the largest global platform for the LGBTQ+ business community.
Work Schedule: Standard (Mon-Fri)
Environmental Conditions: Office environment
Location/Division: Frederick, MD / Corporate IT
At Thermo Fisher Scientific, you'll drive transformational change in our certificate management and credential hardening practices across our global organization of 100,000+ colleagues. This position requires a strategic change agent who can challenge existing paradigms, identify leverage points, and engineer solutions that break us free from legacy "that's the way we do things" mindsets.
Position Overview
As a Credential Hardening & Certificate Management Engineer, you will serve as the primary SME and program leader for enterprise-wide secrets hardening and certificate lifecycle management initiatives. Operating with high independence, you'll function as an internal transformation consultant, developing strategic leverage points to enforce best practices and drive cultural change around credential security. This role complements PAM initiatives and requires someone who can engineer tool-agnostic solutions in an evolving technology landscape.
Key Responsibilities
Strategic Program Leadership
Lead credential hardening transformation initiatives across the organization, identifying and eliminating legacy practices that compromise security posture
Drive initiatives with the enterprise certificate lifecycle management program, establishing strategy, roadmaps, and success metrics aligned with quantum computing threats and industry trends
Serve as primary SME for secrets management best practices, certificate lifecycle automation and credential security frameworks
Develop strategic leverage points to drive organizational change and overcome resistance to security improvements
Engineer tool-agnostic flows that can adapt to changing technology landscapes and vendor transitions
Transformation & Program Management
Function as an internal turnaround consultant for credential security practices, identifying systemic issues and designing comprehensive remediation strategies
Challenge existing paradigms and "that's the way we do things" mentalities through data-driven analysis and strategic influence
Develop and execute strategies to drive adoption of best practices across diverse business units
Execute and deliver on credential hardening and certificate management investments
Design and implement cultural transformation initiatives that embed security-first thinking into operational processes
Engineering & Automation
Implement automated certificate rotation systems to address shrinking certificate lifecycles driven by quantum computing threats, including migration to quantum-resistant algorithms
Engineer scalable certificate management efforts that integrate with existing infrastructure while maintaining vendor-agnostic flexibility, with a preference for agility in post-quantum transitions
Develop comprehensive secrets management frameworks that enforce least privilege, rotation, and audit requirements to strengthen credential workflows
Create advanced monitoring and alerting systems for certificate expiration, rotation failures, compliance deviations, and quantum readiness assessments
Design integration strategies between certificate management, PAM initiatives, and broader security infrastructure with the quantum threat in mind
Cross-Functional Leadership & Influence
Lead cross-functional efforts in implementing credential and certificate security improvements by seeing the work and helping the organization achieve clarity on where it is headed
Represent certificate management initiatives in enterprise engineering, security governance, and compliance committees
Collaborate with PAM teams to ensure complementary and multi-layered security strategies
Drive consensus among stakeholders with competing priorities and establish unified approaches to credential security
Mentor and train technical teams on credential management best practices and emerging threats
Secrets Threat Mitigation & Risk Management
Develop and execute quantum readiness assessments for existing certificate and credential infrastructure, identifying vulnerable cryptographic implementations
Design post-quantum cryptography transition roadmaps with timeline-driven migration strategies and risk-based prioritization
Implement and drive understanding of frameworks that enable rapid algorithm transitions as quantum threats evolve and new standards emerge
Create quantum threat intelligence notifications that monitor advances in quantum computing and adjust security postures proactively
Establish understanding of hybrid classical-quantum cryptographic systems during transition periods to maintain security while preparing for the post-quantum era
Process Innovation & Optimization
Identify and eliminate inefficiencies in current secrets and certificate management processes through root cause analysis and quantum threat impact assessment
Develop KPIs and metrics to measure program success, security posture improvements, organizational maturity, and quantum readiness levels
Design automated compliance reporting and audit preparation processes that include credential hardening compliance requirements
Create repeatable methodologies for certificate lifecycle management that incorporate quantum-safe practices and can scale across global operations
Establish governance frameworks for certificate and credential policy enforcement with quantum threat considerations integrated
Technology Platform Management
Maintain deep expertise in common enterprise tooling while preparing for potential platform transitions
Evaluate and recommend new secrets management platforms based on strategic requirements
Design migration strategies that prioritize urgency of need, so our security posture does not become lax
Develop vendor-agnostic and dual implementation approaches that protect against technology and vendor lock-in
Create integration methodologies that maximize existing infrastructure investments
Required Qualifications
Education & Certifications
Bachelor's degree in Cybersecurity, Computer Science, Systems Engineering, or related field (equivalent experience accepted)
Advanced certifications required: CISSP, CISM, or CCSP with focus on identity and access management or equivalent
Credential management or consulting certifications strongly preferred (e.g. CyberArk Guardian, etc.)
Certificate management training preferred: Feisty Duck Practical TLS and PKI or similar
Experience
8+ years of enterprise security experience with focus on identity, access management, or certificate/PKI systems
5+ years of program or project leadership experience driving organizational transformation
3+ years of hands-on experience with certificate management platforms, PKI infrastructure, and secrets management
Demonstrated experience as a change agent or transformation consultant in security domains
Proven track record of challenging status quo and driving process improvements in large organizations
Technical Skills
Expert proficiency in secrets management, credential hardening, privileged access principles, and quantum-safe credential protection mechanisms
Advanced knowledge of PKI, certificate lifecycles, automated rotation technologies, and post-quantum cryptography standards (NIST PQC, hybrid certificates)
Strong experience with secrets/certificates management platforms, including quantum readiness assessment capabilities
Demonstrated ability to engineer tool-agnostic solutions, manage technology transitions, and implement crypto-agile frameworks
Experience with SaaS secrets and certificate management, DevOps integration, infrastructure automation, and quantum-safe practices
Advanced knowledge of quantum computing impacts on cryptography, secrets and certificate management strategies, and post-quantum transition planning
Leadership & Consulting Skills
Exceptional influence and persuasion abilities with track record of driving change without direct authority
Strategic thinking and problem-solving with ability to identify leverage points for organizational transformation
Strong consulting and advisory skills with experience challenging existing practices and driving improvements
Excellent communication abilities with capability to present complex technical concepts to executive audiences
Proven mentorship and training capabilities with track record of developing technical teams
Cultural change leadership with experience overcoming organizational resistance to security improvements
Specialized Competencies
Comprehensive understanding of secrets management and specific mitigation strategies for enterprise environments
Experience with regulatory compliance requirements (SOX, PCI DSS, HIPAA) related to certificate and credential management, including emerging quantum-safe compliance standards
Expertise in threat modeling and risk assessment methodologies for credential security with quantum threat scenarios and impact analysis
Proficiency with DevSecOps practices, automated security integration, and quantum-safe CI/CD pipeline security
Deep understanding of zero trust architecture principles, implementation strategies, and quantum-resilient zero trust frameworks
Knowledge of post-quantum cryptography algorithms (lattice-based, hash-based, multivariate, isogeny-based) and their practical implementation challenges
What We Offer
Join our world-class organization and lead transformational change in enterprise security. Drive meaningful impact across our global operations while developing cutting-edge solutions for tomorrow's security challenges. We offer competitive compensation, comprehensive benefits, executive development opportunities, and the chance to shape the future of certificate and credential security.
Apply today at: http://jobs.thermofisher.com
Thermo Fisher Scientific Inc. is an equal opportunity employer offering reasonable accommodations for applicants with disabilities. We value diversity and inclusion in our workforce. #StartYourStory with us.
Compensation and Benefits
The salary range estimated for this position based in Maryland is $113,500.00–$170,200.00. This position may also be eligible to receive a variable annual bonus based on company, team, and/or individual performance results in accordance with company policy. We offer a comprehensive Total Rewards package that our U.S. colleagues and their families can count on, which includes:
A choice of national medical and dental plans, and a national vision plan, including health incentive programs
Employee assistance and family support programs, including commuter benefits and tuition reimbursement
At least 120 hours paid time off (PTO), 10 paid holidays annually, paid parental leave (3 weeks for bonding and 8 weeks for caregiver leave), accident and life insurance, and short- and long-term disability in accordance with company policy
Retirement and savings programs, such as our competitive 401(k) U.S. retirement savings plan
Employees’ Stock Purchase Plan (ESPP) offers eligible colleagues the opportunity to purchase company stock at a discount
For more information on our benefits, please visit: https://jobs.thermofisher.com/global/en/total-rewards