PKI Security Architect

Title: PKI Security Architect

Location: Tampa or Dallas Onsite

Duration: 12 month ongoing contract to hire

Job Description:

Create and drive the internal and client PKI security capability roadmap within information technology & the respective IT stakeholders.

Create and drive the secrets management capability roadmap within information technology & the respective IT stakeholders.

Influence change of control policies with Technology Risk Management & build strong partnerships with IT Architecture & Application Development partners.

Create IT security standards and drive bestpractices which are easily consumed by IT stakeholders.

Own the enterprisewide PKI architecture including HSMs Hardware Security Modules CAs Certificate Authorities CLM Certificate Lifecycle Management.

Proactively identify access management gaps and partner with app dev teams for remediation

Design processes and workflows for generation rotation and revoking certificates.

Identify automation opportunities for certificate lifecycle.

Act as the domain specialist to help guide and shape how certificate management services are enabled.

Design new certificate management services integrations and technologies.

Mentor junior security architects to enhance their security and architecture skills within the team.

Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.

Create white papers and present in industry conferences to present thought leadership in the security field.

Align risk and control processes into daytoday responsibilities to monitor and mitigate risk; escalates appropriately.

Specific Skills & Technologies

Strong Information Security experience specifically in PKI/Cryptography (on premise and cloud) & Secrets management.

Solid working experience with certificate issuance ceremonies.

Indepth knowledge of Certificate Lifecycle Management including certificate revocation list (CRLs) best practices.

Working experience with 2 vendors such as: Venafi Hashicorp Microsoft Thales Gemalto (SafeNet HSM) DigiCert Hitachi (HiPAM).

Experience in SSL certificate management concepts processes and solution management.

Strong experience with Online Certificate Status Protocol (OCSP) infrastructure Hardware Security Modules (HSM) CMS Enterprise Venafi Trust Protection Platform and Venafi TrustNet software suites.

Experience in building Certificate Policy (CP) and Certificate Practice Statements (CPS).

Solid experience with Python networking fundamentals OS (Windows/Linux) security.

Experience with Information Security frameworks (e.g. ISO 27001 and NIST) & security architecture frameworks.

Strong technical writing skills to support required documentation.

Demonstrated ability to collaborate between product management engineering risk and IT teams.

Has strong communication skills with the ability to present in front of large audience.