Kforce has a client that is seeking a PKI Security Architect in Jersey City, NJ.
Position Summary:
Produce security architecture deliverables as part of initiatives related to public key infrastructure (PKI) and secrets management
Proactively identify security gaps, propose solutions, and follow through with engineering teams for implementation
Be the subject matter expert for PKI and Secrets management through the enterprise
Inspire team members and junior staff to contribute new ideas and alternative approaches
Your Responsibilities:
Create and drive the internal and client PKI security capability roadmap within information technology & the respective IT stakeholders
Create and drive the secrets management capability roadmap within information technology & the respective IT stakeholders
Influence change of control policies with Technology Risk Management & build strong partnerships with IT Architecture & Application Development partners
Create IT security standards and drive best-practices which are easily consumed by IT stakeholders
Own the enterprise-wide PKI architecture including HSMs - Hardware Security Modules, CAs - Certificate Authorities, CLM - Certificate Lifecycle Management
Proactively identify access management gaps and partner with app dev teams for remediation
Design processes and workflows for generation, rotation, and revoking certificates
Identify automation opportunities for certificate lifecycle
Act as the domain specialist to help guide and shape how certificate management services are enabled
Design new certificate management services, integrations, and technologies
Mentor junior security architects to enhance their security and architecture skills within the team
Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks
REQUIREMENTS:
Strong Information Security experience, specifically in PKI/Cryptography (on premise and cloud) & Secrets management
Solid working experience with certificate issuance ceremonies
Working experience with 2+ vendors such as: Venafi, Hashicorp, Microsoft, Thales, Gemalto (SafeNet HSM), DigiCert, Hitachi (HiPAM)
Experience in SSL certificate management concepts, processes, and solution management
Strong experience with Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), CMS Enterprise, Venafi Trust Protection Platform, and Venafi TrustNet software suites
Experience in building Certificate Policy (CP) and Certificate Practice Statements (CPS)
Solid experience with Python, networking fundamentals, OS (Windows/Linux) security
Experience with Information Security frameworks (e.g. ISO 27001 and NIST) & security architecture frameworks
In-depth knowledge of Certificate Lifecycle Management including certificate revocation list (CRLs) best practices
Strong technical writing skills to support required documentation
Demonstrated ability to collaborate between product management, engineering, risk, and IT teams
Has strong communication skills with the ability to present in front of large audience
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless
and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
