PKI Architect
About the role
The senior architect role drives complex design, development, and implementation activities to provide PKI related services to the business across a large set of digital certificate use cases. The role drives both tactical improvements to drive service enhancements but also develops innovative strategic initiatives to provide future state solutions. The role is aligned to a number of technologies including, but not limited to, Microsoft’s Active Directory Certificate Services, Network Device Enrollment Services (NDES), Online Certificate Status Protocol (OCSP), Thales Hardware Security Modules (HSM), Venafi Trust Protection Platform, and Intune certificate connectors.
Responsibilities
- Partner with all stakeholders and external vendors to design, develop, deploy and support the best possible solution to meet EY business needs.
- Assess and define problems or opportunities for improvement by providing documented business, functional, operational, and security requirements to be addressed by future state solutions.
- Design innovative solutions that address key lifecycle management functions to support the needs of the business.
- Communicate design approaches and recommendations to gain stakeholder approval and agreement.
- Cook up design activities across multiple teams and services to ensure successful completion of complex projects.
- Develop technical and functional solutions that integrate with business processes.
Requirements
A deep understanding of digital certificate lifecycle management functions and broad experience with different certificate types and uses.
A broad understanding of the available PKI vendors and technologies offering technical solutions in the market.
Knowledge and experience with cryptographic protocols, services, and standards.
Ability to collect, refine, and analyse business requirements and develop innovative solutions.
Strong communication skills both verbal and written.
Skills and attributes for success
- A deep understanding of digital certificate lifecycle management functions and broad experience with different certificate types and uses.
- A broad understanding of the available PKI vendors and technologies offering technical solutions in the market.
- Knowledge and experience with cryptographic protocols, services, and standards.
- Ability to collect, refine, and analyse business requirements and develop innovative solutions.
- Strong communication skills both verbal and written.
Benefits
Compensation range: $152,700 to $294,000.
Flexible vacation policy.
Winter/Summer breaks.
Personal/Family Care.
Other leaves of absence.
Pay
Base salary range: $152,700 to $294,000.
Schedule
Hybrid model with in-person work expected 40-60% of the time over the course of an engagement, project or year.
Qualifications
Experience with key PKI technologies such as Microsoft Active Directory Certificate Services including Certificate Authority, NDES, OCSP and Intune Certificate Connector.
Experience with Thales Luna Hardware Security Modules (HSMs).
Experience with Venafi TrustForce and Trust Authority.
Experience with automation of certificate lifecycle management functions.
Experience with certificate request and issuance processes integrating to ServiceNow automation.
Programming and/or script development experience.