Responsibility  

PKI -HSM Engineer will administer the Certificate Authorities (CA) and Hardware Security Modules (HSMs) of the organization ’s Public Key Infrastructure (PKI) and Key Management. Also, he is responsible in handling large scale enterprise and commercial/publicly trusted PKI services. Additionally, is expected to perform and understand Certificate lifecycle management – Installation, Renewal, Revoke , and Certificate Enrolment Web Services  

Along with these responsibilities, he will manage the Service Level Agreement (SLA) timelines and enhance the efficiency of the process. Currently, there are automated solutions to handle most of the features of PKI. Hence, it is important to have an automation bend of mind to understand, handle and enforce those solutions in the organization .  

Activities   

 

• Drive and mature our Certificate Management Service and Public Key Infrastructure systems, policies, and practices  

• Promote consistency and best practices and standards; enhance those best practices and standards, and provide measurable plans to ensure consistency  

• Manage risk appropriately  

• Take a leadership role in planning and communicating changes to certificate management and PKI industry best practices  

• Seek out root cause and correction of errors for operational events  

• Maintain current understanding of security threats, changing security landscape, technological changes, and emerging trends  

• Mentor and train peers on operational and technical excellence  

 

Required knowledge  

 

• 5+ Years direct experience with PKI and Certificate Management processes and functions  

• Hands-on experience with Thales products  

• Understanding of the certificates management life cycle process  

• In-depth knowledge of PKI, cryptography, certificate management technologies, best practices, services with a focus on operations, governance, risk, and compliance  

• Familiarity with PKI Standards, FIPS-140, NIST cryptography standards and frameworks.   

• Ensuring the NIST 800-53 Rev. 4 security controls, where applicable, are in place and validated on all PKI systems.   

• Keep current on technologies and industry trends related to cybersecurity and PKI/certificate management , understanding of PKI Architecture  

• Understanding of PKI health check processes and how to perform the health checks on a regular basis.  

• Experience with public cloud implementations of security services