PKI and Cryptography Technical Lead

At Freddie Mac our mission of Making Home Possible is what motivates us and its at the core of everything we do. Since our charter in 1970 we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.

Position Overview:

This role be will be part of the Information Security Operations and Engineering department. This position is responsible for providing Public Key Infrastructure (PKI) Cryptography Certificate and Key Management (KCM) Data-at-Rest and Data-in-Transit Encryption support for the infrastructure and applications across multi-site enterprise cloud and data center environments.

**This position has an on-call requirement and could require after-hours support on weekdays and weekends to support Incidents**

Our Impact:

Our team is a dynamic hard-working team that is tasked with providing cryptography expertise to the firm including encryption (at-rest and in-transit) and key management services.

Your Impact:

Technical Leadership

• Extensive knowledge with certificate authentication and certificate lifecycle management

• Strong understanding of the NIST standards relative to cypher management

• Possess a baseline experience relative to server management server health and effective health monitoring

• Develop an end to end understanding of the PKI application architecture to be able to configure application level monitoring (ex: service health synthetics etc..)

• Understanding of general infrastructure concepts such as network routing firewall understanding of firewall rules. Including implementation across multiple regions.

• Work closely with technology and business stakeholders to implement shared PKI/KCM migration and upgrade goals determine security requirements design and implement solutions to meet business objectives IT strategic initiatives corporate and regulatory requirements.

• Communicate effectively with clients to identify needs and evaluate alternative technical solutions and strategies.

• Protect and secure company resources in the cloud virtual and physical infrastructures.

• Stay current with developing technologies emerging threat landscape and predict impact of changing technologies.

Support of Design Build and Operations

• Perform the planning design implementation and Level 3 support of IT Security solutions related to PKI encryption at rest and in transit KCM and Cryptography.

• Provide enterprise support to internal teams for use configuration and troubleshooting of PKI and cryptographic technologies including HSMs TLS protocols and cipher suites PKI enrollment and management of certificates.

• Support the security risk assessment of applications and infrastructure.

• Ensure effective execution of key IT controls and remediation of incident response vulnerability analysis and threat intelligence.

• Provide technical guidance develop design documents perform product installation upgrades and certification implementation plan deployment and troubleshooting support.

• Diagnose solve and provide root cause analysis for PKI and encryption related issues.

• Ensure consistent delivery of superior technical solutions.

• Evaluate current data protection services and if necessary design and deploy cloud-based PKI encryption-at-rest certificate and key management and credential management services.

Change Agent

• Champion technology and tools change that improves delivery processes.

• Act as an agent for change to reflect the latest PKI and Cryptography standards in new technologies and tools.

• Serve as an enterprise subject matter expert (SME) and advocate of IT Security standards and reference architectures related to PKI and Cryptography.

• Coordinate with Information Security team to ensure solution assurance and compliance to security policy procedures standards and baseline security configurations.

Team Leadership

• Support other operational team members by providing technical information reviewing designs and making recommendations.

• Mentor junior members of the operations and engineering team.

• Help coordinate deployments with other engineers and make schedule recommendations.

• Must be able to effectively perform both independently and collaboratively as a strong team leading contributor.

• Possess the ability to meet challenges head on with a positive outlook and reflect a positive leadership and attitude towards your peers.

Qualifications

• Bachelors Degree in Information Technology Engineering Computer Science related field or equivalent experience.

• At least 8-10 years of relevant experience in IT Security.

• 5 years of experience planning designing and implementing of PKI infrastructure including integration with core infrastructure components (servers desktops and other devices) to automate the management of the certificate lifecycle (issuance notification of expiration/revocation replacement with restart of impacted services) and SSH keys in a large organization.

• Experience with scripting languages Python PowerShell shell scripting JavaScript Perl SQL.

• Possess good working knowledge of PKI Cryptographic solutions SSL/TLS multi-factor authentication X.509 token single sign-on federated identity SSH and certificate management solutions.

• Knowledge of security issues techniques and implications across computing platforms.

• Knowledge of Ping SMARTCARD and Multifactor authentication.

• Knowledge of information security standards (e.g. ISO NIST).

• Exposure to varied operating systems UNIX/Linux Windows.

• Experience designing and implementing cloud-based solutions.

• Experience with operational server and client use of PKI for Network Authentication TLS (cipher suite) configuration across multiple systems/clients (Windows Linux) enrollment and installation and troubleshooting experience.

• Experience with AppViewX EJBCA AWS KMS ADCS Vormetric Venafi a plus.

• Experience with use of PKI for systems and processes supporting web presence (Web PKI) including Apache Weblogic and other front-end servers and processes.

• General understanding of key IT components Secure LDAP Networking firewall load balancing Federated Identity.

Key to success in this role

• Works autonomously to provide technical guidance to the team.

• Good communication and team player.

• Strong written and oral communications skills.

• Proactive in nature with customer satisfaction as primary goal.

• Innovative in providing solutions likes to take on challenges with calculated risk.

• Quick learner of new technologies and tools.

• Detail oriented mindset

• Eager to learn new technologies as organizational evolution is incurred

Current Freddie Mac employees please apply through the internal career site.

We consider all applicants for all positions without regard to gender race color religion national origin age marital status veteran status sexual orientation gender identity/expression physical and mental disability pregnancy ethnicity genetic information or any other protected categories under applicable federal state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodation.

A safe and secure environment is critical to Freddie Macs business. This includes employee commitment to our acceptable use policy applying a vigilance-first approach to work supporting regulatory mandates and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.

CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more please visit and register with our referral code: MAC.

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.