PKI Engineer

Job Description

Werelooking for an experiencedPKI Engineerwho is responsible fortheengineering operation and continuous improvement of SASs Public Key Infrastructure (PKI) services. You will be responsible for theday-to-dayreliability security and automation of certificate lifecycle servicesthat support internaland externalplatforms applications devices and integrations.

This position works closely with IdentityInfrastructure Operations Application and Hostingteams to ensuresecure machine identity encryption and trustacrosson-premisesand cloud environments whileoperatingwithin established enterprise architectures and security standards.

Primary Responsibilities

• Engineeroperate andmaintainownership and usage ofpublic trustedcertificate services.

• Engineeroperate andmaintainprivateenterprise PKI services including Issuing CAs certificate templates enrollment services CRLs and OCSP responders

• Performcertificate lifecycle managementactivities: issuance renewal revocationexpirationmonitoring and troubleshootingacross both public and privateservices.

• Supportcertificate-basedauthentication forusersservers applications APIs services and devices

• Identify&Educatethe stakeholders withappropriate certificaterequirements

• Ensure high availability backup and recovery for PKI components.
• Implement andmaintaincertificate automationusing approved toolsplatformsand common standards( DigiCert ACME)
• Develop andmaintainautomationstandardsregardingintegrationsto reduce manual certificate operations
• Partner with DevOps and Platform teams to integrate PKI intoCI/CD pipelines and infrastructure workflows
• Provide consistent directionand driveaccountability to align with the SAS PKI program.
• Apply approvedPKI securitystandards CA hardening standards and access controls
• Support compliance withSAS security standards NIST guidance applicable regulatory requirements andevolvingstandards (post-quantum crypto PQC)
• Participate in audits risk reviews and incident response activities related to PKI services
• Assistwithcertificate-relatedsecurity investigations and root cause analysis.
• Act as aPKIsubject mattercontributorfor internal teams consuming certificate services
• Provide Tier II / Tier III support for PKIrelated issues
• Create andmaintainoperational documentationscriptsrunbooks and procedures
• Participate inoncallrotation for PKI services (asrequired)

Requirements

(Explain the technical areas/skills required for hiring)

Essential

• Yourecurious passionate authentic and accountable. These are our values and influence everything we do.
• 5 years of experience inPKI security engineering or infrastructure security.

• Handson experience withMicrosoft Active Directory Certificate Services (AD CS) step-ca VenafiKey factor DigiCert.

• Working knowledge ofX.509 certificates TLS/SSL RSA/ECC CRLs OCSP.

• Experience administeringWindows & Linux Servers.

• Scripting experience (shell/bash Python PowerShell).

• Ability to work with regular overlaps into EMEA business hours to support cross-region collaboration and knowledge transfer.

• Demonstrated ability to develop others through mentoring training and documentation; experience enablinganalystor operations teams to support engineering outcomes.

Additional

• Ability to prioritize and deliver multiple initiatives simultaneously.
• Strong customer service mindset with a focus on business outcomes.
• Proven ability to lead technical discussions and stakeholder meetings.
• Strong analytical & problem-solving skills.

Preferences

• Experience withCertificate Management Platforms(VenafiKey factor DigiCert)
• Exposure to cloud PKI integrations (Azure AWS or GCP)
• Familiarity with automation DevOps or CI/CD environments
• Security or infrastructure certifications (e.g. Security vendor PKI training)
• Experience with technical documentcreation.

Mandatory Technical Skills

• PKI Engineering & Operations

Total Years of Relevant Experience

• 5 years of experience inPKI Security Engineering or Infrastructure Security

Education Preference

Bachelors / masters degree in computer science Engineering or a related quantitative field

Equivalentcombination of related education training and experience may be considered in place of the above qualifications.