PKI Senior Security Engineer

Bring your expertise in Public Key Infrastructure (PKI) to help secure and enable enterprise-scale platforms. In this role you will design operate and continuously improve certificate and key management services that protect critical systems and applications. You will partner closely with cybersecurity infrastructure and application teams to deliver resilient compliant and automated certificate solutions while providing hands-on production support in a dynamic high-availability environment.

Responsibilities

• Architect deploy and operate enterprise PKI solutions with a primary focus on Microsoft Active Directory Certificate Services (ADCS) ensuring secure identity encryption and trust services across the organization.
• Manage certificate lifecycle automation and policy enforcement using Venafi improving reliability visibility and compliance across platforms.
• Administer and support Hardware Security Modules (HSMs) including Luna and nCipher to protect cryptographic keys and sensitive operations.
• Develop maintain and enforce certificate standards policies and governance frameworks aligned to organizational and regulatory requirements.
• Provide deep technical leadership during certificate-related incidents serving as an escalation point to troubleshoot and restore production services within established service level agreements.
• Partner with application owners UNIX and Windows administrators network teams and external Certificate Authorities to design and implement secure certificate solutions.
• Govern external Certificate Authorities such as DigiCert and Sectigo ensuring proper usage lifecycle management and compliance.
• Execute and support critical PKI operational activities including scheduled change windows annual CRL publishing and root key ceremonies.
• Ensure PKI services meet regulatory and security standards including FIPS and NIST guidance.
• Contribute to PKI and certificate management product roadmaps identifying opportunities for automation modernization and risk reduction.
• Track and report operational health and progress using clear data-driven metrics.
• Participate in an on-call rotation including after-hours change implementation to support 24x7 enterprise environments.

Required Qualifications

• Minimum of 2 years of hands-on experience supporting PKI technologies including certificate lifecycle management and reporting.
• Minimum of 4 years of Linux/UNIX systems administration experience including package management and command-line troubleshooting.
• Minimum of 4 years of scripting or automation experience using tools such as Ansible Bash PowerShell or Python.
• Strong working knowledge of PKI concepts including SSL/TLS certificate authorities public/private key cryptography CRLs and trust stores.
• Experience supporting Microsoft ADCS components such as CEP/CES and NDES.
• Proficiency administering certificates across both UNIX/Linux and Windows environments.
• Working knowledge of TCP/IP networking concepts and common infrastructure components including DNS firewalls load balancers (such as F5) and routing.
• Hands-on experience using certificate and cryptographic tools such as OpenSSL Java Keytool Keystore Explorer and PuTTY.
• Strong organizational and prioritization skills with the ability to manage multiple certificates and initiatives simultaneously.
• Demonstrated ability to work independently in complex large-scale multi-platform environments while collaborating effectively across teams.
• Proven problem-solving skills with strong attention to detail and a customer-focused mindset.
• Excellent verbal and written communication skills with the ability to explain technical concepts to diverse audiences.

Preferred Qualifications

• Bachelors degree in Information Systems Computer Science or a related field.
• Experience with Venafi DigiCert Sectigo or similar certificate management and CA platforms.
• Security-related industry certification.
• Experience configuring and troubleshooting web application and middleware technologies.
• Familiarity with healthcare or PBM industry environments.

About The Cigna Group

Qualified applicants will be considered without regard to race color age disability sex childbirth (including pregnancy) or related medical conditions including but not limited to lactation sexual orientation gender identity or expression veteran or military status religion national origin ancestry marital or familial status genetic information status with regard to public assistance citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process please email: for support. Do not email for an update on your application or to provide your resume as you will not receive a response.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama Alaska Arizona Arkansas Delaware Florida Georgia Hawaii Idaho Iowa Kansas Maryland Massachusetts Michigan Nebraska Ohio Pennsylvania Texas Utah Vermont and Washington State.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal state and local ordinances.