Job Description :

A PKI & HSM Operations Engineer is responsible for implementing and supporting PKI solutions at the enterprise level. This role involves managing in-house Certificate Authorities (CAs), providing and updating documentation on operational procedures and methodologies, and operating and maintaining Hardware Security Modules (HSMs). The engineer will conduct key ceremonies, update CRLs, and ensure the security and integrity of cryptographic keys. Additionally, the engineer will support production system maintenance, operations, and troubleshooting, collaborating with stakeholders and development teams to integrate capabilities into the overall system architecture.

The ideal candidate will have a strong background in PKI management, including expertise with Microsoft PKI and Active Directory Certificate Services, as well as experience in managing digital certificates, symmetric and asymmetric keys, and related security technologies.

Mandatory skills :

- Hardware Security Module (HSM) implementation experience.

- Experience architecting and implementing OCSP and LDAP technology.

- End-to-end ownership of PKI infrastructure, SCEP, CES and API.

- Create and maintain procedural documents (SOPs).

- Ownership of scalability, capacity, redundancy, resiliency, maintenance, and decommissioning planning for our PKI solution.

- Secure, maintain, and monitor the entire PKI solution end-to-end for our IoT ecosystem.

- Software provisioning and maintain up-to-date patch management.

Desired skills :

- A strong understanding of PKI concepts.

- Hands-On knowledge with ADCS/Microsoft and Entrust Managed PKI, Multi-Factor Authentication (MFA) services.

- Oversee the creation, distribution, revocation, and renewal of digital certificates.

- Ensure automated certificate management processes are in place to minimize downtime and risk.

- Experience with Hardware Security Module (HSM) configure, implement, operate, maintain, and troubleshoot.

- Conduct semi-annual CRL update activities for HSMs within the data center.

- Develop and implement automation for certificate generation, deployment, and management using scripting languages (e.g., PowerShell, Python), ensuring high availability and scalability of PKI services

- Partner with architecture teams to understand the security and business implications of PKI strategy.

- Manage Groups, Users, Service, and Computer Accounts for the existing PKI infrastructure. Plan, implement, and troubleshoot Group Policy Management.

- Troubleshoot and solve unique and complex problems related to infrastructure and PKI.

- A strong understanding of PKI concepts.

- Hands-On knowledge with ADCS/Microsoft and Entrust Managed PKI, Multi-Factor Authentication (MFA) services.

Experience : 8+ Years

Locations : Pune, Hyderabad, Bangalore