Hire.Monster

Sr. Software Engineer, Public Key Infrastructure (PKI)

Company
Bellevue, Washington, US
Office · Development · USA

Responsibilities

  • In this role, you will contribute to the development, automation, and support of PKI and certificate lifecycle management capabilities across the enterprise environment
  • The role involves strong collaboration with security, infrastructure, and application teams to ensure secure authentication, encryption, and digital trust within our systems
  • Contribute to the implementation, development, deployment, configuration, and enhancement of EJBCA-based PKI infrastructure, including CA hierarchies, RA functions, OCSP responders, and CRL distribution
  • Develop and maintain certificate lifecycle automation, including provisioning, renewal, revocation, monitoring, and audit logging
  • Support internal stakeholders with certificate enrollment workflows (SCEP, EST, ACME, CMP) and usage patterns
  • Help integrate certificate-based authentication into enterprise platforms, services, and workloads
  • Support certificate lifecycle management processes for internal clients, applications, and devices
  • Collaborate with security architects, infrastructure, and application teams to align PKI solutions with organizational policies and compliance requirements
  • Participate in incident response and troubleshooting for PKI-related issues such as certificate validation failures or service outages
  • Contribute to documentation, operational runbooks, and standards for PKI operations

Requirements

  • 5+ years of hands-on experience in PKI systems, including EJBCA or similar CA/RA platforms
  • Experience with enrollment protocols such as SCEP, EST, ACME, or CMP
  • Familiarity with certificate lifecycle automation, workflows or CLM platforms and APIs
  • Experience with scripting or programming languages (e.g., Python, Golang, Java)
  • Familiarity with HSM integration, key escrow, and secure enclaves
  • Proficiency with Linux environments and version control systems (e.g., Git)
  • Familiarity with cloud environments (AWS) and how PKI integrates with cloud services
  • Solid understanding of DevOps practices, CI/CD, monitoring, and ownership of production systems
  • Experience with hardware-backed security mechanisms such as TPM, HSM, or secure enclaves
  • Experience with PKI in Kubernetes or service mesh environments (e.g., Istio, SPIRE, cert-manager)
  • Exposure to device attestation, platform security, or Secure Boot concepts
  • Familiarity with relevant security frameworks or compliance standards (e.g., NIST, ISO, SOC 2)
  • Awareness of common security weaknesses (OWASP Top 10, CWE Top 25)
  • General understanding of core security concepts such as MFA, Zero Trust, and secrets management

Skills

  • Strong understanding of X.509 certificates, CRLs, OCSP, certificate templates, trust chains and key usage extensions
  • Understanding of PKI use cases for TLS/mTLS, device identity, Wi-Fi/EAP, VPN, code signing, workload identity, etc.

Published: 12.01.2026