GMS-Senior-PKI

At EY youll have the chance to build a career as unique as you are with the global scale support inclusive culture and technology to become the best version of you. And were counting on your unique voice and perspective to help EY become even better too. Join us and build an exceptional experience for yourself and a better working world for all.

Managed ServiceIAM MS PKI MS PKI And Venafi Senior

The PKI Consultant role will be primarily responsible for the support design and enhancement of enterprise-level Public Key Infrastructure (PKI) solutions focusing on Microsoft PKI (Active Directory Certificate Services) and Venafi Trust Protection Platform. The role includes overseeing secure certificate lifecycle management designing scalable certificate services architecture and ensuring compliance and governance across internal and external systems. This position requires strong expertise in digital identity cryptographic practices and automation of certificate processes.

Key Requirements / Responsibilities:

• Design implement and manage Microsoft PKI (ADCS) including Root CA Subordinate CA and certificate templates.
• Deploy configure and maintain the Venafi Trust Protection Platform for automated certificate lifecycle management.
• Establish policies and governance models for certificate issuance renewal revocation and audit logging.
• Lead troubleshooting efforts for certificate-related issues across endpoints applications servers and network devices.
• Integrate PKI solutions with enterprise infrastructure including Azure load balancers firewalls VPNs and identity providers.
• Support onboarding of critical applications and devices into Venafi workflows for certificate automation.
• Monitor and manage health and availability of PKI infrastructure including CRLs OCSP responders and AIA locations.
• Participate in incident response and risk mitigation involving PKI systems or expired/compromised certificates.
• Support cryptographic lifecycle management by enforcing standards like key length algorithm selection and renewal timelines.
• Provide mentoring and technical leadership to junior team members on PKI best practices.
• Assist in the evaluation and implementation of modern certificate technologies including short-lived certs and post-quantum crypto readiness.

Relationships:

• Operation Lead / Manager

Qualifications:

Education:

• Bachelor orcollegedegree in related field or equivalent work experience

.

Work Experience:

• 5-9 Years Experience

Skills Expertise

• Minimum 5 years of experience designing and managing enterprise-grade PKI systems.
  Expertise in Microsoft ADCS including Root/Issuing CAs CRL/AIA configuration templates and key archival.
• Strong experience in Venafi Trust Protection Platform configuration policy enforcement and automation.
• Deep understanding of certificate lifecycle management and cryptographic standards (X.509 RSA ECC).
• Hands-on experience with certificate automation using APIs PowerShell or Venafi workflows.
  Familiarity with TLS/SSL protocols SCEP EST and integration with network/security appliances.
• Knowledge of encryption technologies HSMs and key management best practices.
• Experience with auditing compliance and PKI governance frameworks (CP/CPS).
• Proven ability to troubleshoot certificate authentication issues and root cause certificate failures across platforms.
• Excellent communication and documentation skills to interface with internal stakeholders vendors and auditors.
• Experience working in hybrid cloud environments where certificates are used across on-prem and cloud systems.
• Understanding of DevOps integrations for certificate provisioning (e.g. via REST APIs pipelines).
• Strong attention to detail and the ability to lead high-impact projects independently.

Good to have:

• Familiarity with Azure Key Vault Azure AD Certificate-Based Authentication and integration with cloud-native workloads.
• Knowledge of Zero Trust architecture and role of digital certificates in endpoint validation.
• Understanding of advanced certificate use cases like client auth code signing document signing.

Certification:

• Venafi Certified Administrator (Good to have)
• Microsoft Identity and Access Administrator (Sc-300) (Good to have)

Work Requirements:

• Willingness to be on call support engineer and work occasional overtime as required
• Willingness to work in 24*7 rotational shifts as required

EY Building a better working world

EY exists to build a better working world helping to create long-term value for clients people and society and build trust in the capital markets.

Enabled by data and technology diverse EY teams in over 150 countries provide trust through assurance and help clients grow transform and operate.

Working across assurance consulting law strategy tax and transactions EY teams ask better questions to find new answers for the complex issues facing our world today.