Vertafore is looking for a PKI (Public Key Infrastructure) Engineering Technical Lead to join our SaaS Operations organization in Hyderabad, India. The role will be primarily focusing on Public Key Infrastructure (PKI), Digital certificates Lifecycle management at the infrastructure and application layers. The successful candidate will report to the Director of SaaS Operations. Core Requirements and Responsibilities: + · Lead to design, configuration and implementation of PKI Solutions across various environments. + · Extensive experience in PKI architecture design and resolving cross-domain issues. + · Oversee the maintenance and upgrade of PKI Systems, ensure they meets security standards and best practices. + · Automation of TLS certificates lifecycle, including discovery, issuance, renewal, and revocation. + · Automation of code signing processes by integrate with CI/CD Pipelines to prevent unauthorized code execution and ensure secure software distribution. + · Automation skills using machine identity management software involve using various tools and features to streamline and secure the management of machine identities. + Software like Venafi TPP, Keyfactor Certificate Lifecycle Management (CLM), Digicert One automation and Cloud PKI. + · Troubleshoot and resolve complex PKI-related issue. + · Ensure timely renewal of all root and intermediate certificates and verify that the newly copied certificates are trusted and do not cause any cross-domain communication issues. + · Collaborate with Product development teams and Partners to define standards and best practices for PKI implementation. + · Manage the operations of hardware security modules (HSMs) and key management systems. + · Ensure compliance with relevant security policies and regulations provided CA/Browser Forum and FIPS standards. + · Identify and document PKI requirements and new findings for all infrastructure devices and software within the company. + · Ability to support and manage PKI-related security incidents and prepare Root Cause Analysis (RCA) documents. + · Collaborate with the vendor and other technical teams as required to reach resolutions on any issues related to digital certificates. + · Stay abreast with the latest security and compliance matters related to digital certificates. + · Perform a regular audit or SSL certificates to ensure all devices and applications making the most secure communications based on industry standards. + · Provide consultations on best practices using the SSL/TLS encryption protocols. + · Strong knowledge of ServiceNow ticketing, change creation, addressing tickets promptly and generating and tracking team productivity reports. + · Strong understanding skills of ADFS and Oracle Access Gateway integration across multiple application configurations to ensure robust security. + · Understanding of the principles of both cloud technologies and on-prem application security, including public key infrastructures. Knowledge, Skills, and Abilities: + · Knowledge in Cryptography and Security, including PKI, digital signatures, HSMs, and machine identity protection systems, cryptographic APIs (PKCS#11, OpenSSL,…) + · Scripting languages (Python, PowerShell, Bash) for automation of PKI-related tasks. + · Strong leadership, organizational abilities, and the capacity to work well under pressure. + · Experience with Windows servers AD FS, Certificate Authority (CA), IIS, GPO, and PowerShell. + · Experience with Linux, Apache, Tomcat, Nginx. + · Experienced with PingId, F5 Volterra, Citrix NetScaler and relevant technologies. + · Strong experience in managing and renewing digital certificates on Web Servers. + Strong experience in managing code signing process + · Possess good systems administration skills on Windows and Linux with the ability to effectively navigate on both operating systems to perform tasks or troubleshooting. + · Capable in automating monitoring and installation of digital certificates using any scripting tools such as but not limited to PowerShell and Bash scripting. + · Good communication skills and ability to interact with others professionally. + · Ability to conform to defined processes. + · Ability to be on call to respond to any related incidents. Qualifications: + · 6 or more years of experience in PKI technology. + · Bachelor of Science in Computer Science, Business Information Engineering, or established professional with equivalent experience. + · Certifications: DigiCert Digital Trust Associate or specialized PKI certifications. + · Advanced certifications such as CISSP, or other relevant certifications (preferred). + · Must have exposure and experience with AWS (preferred) or other cloud provider. Additional Requirements and Details: + · May require to work odd hours/rotation shifts to provide certificate and encryption service support Need to be flexible to work over weekends to complete maintenance activity.