PKI Security Analyst (BHJOB22048_559)

ITmPowered - Greenwood Village, CO

30+ days ago
PKI Security Analyst Roles and Responsibilities: As a PKI Analyst play an integral role in remediation, troubleshooting, solutions design and administration of large scale enterprise and commercial/publicly trusted PKI services. Support the onboarding and renewal of a multitude of PKI Certificate types Build Certificate data dashboards on certificate expiration forecasts with intel on certificates by […]

PKI Security Analyst

Roles and Responsibilities:
As a PKI Analyst play an integral role in remediation, troubleshooting, solutions design and administration of large scale enterprise and commercial/publicly trusted PKI services.
Support the onboarding and renewal of a multitude of PKI Certificate types
Build Certificate data dashboards on certificate expiration forecasts with intel on certificates by type and any non-compliant certificates – wildcard, user self-signed, SHA1, etc.
Scan, gather, compile certificate data on hundreds of enterprise applications,
Correlate and validate certificate groupings with Asset owners and their leadership.
Deliver clear communications and reporting on certificate expiration forecasts, expired certificates, weak / non-compliant certificates.
Work with Software Engineers, System/DB Admins, infrastructure engineers, and IT leadership to guide them through the removal, renewal, creation of new certificates and process to enter into Venafi for future certificate management automation.
Work with PKI Architects to enter in / pull data from Venafi in alignment with internal and external CA.
Serve as PKI Certificate and Encryption SME providing enterprise PKI support and guidance.
Working on Venafi Enterprise PKI Certificate Lifecycle Management solutions, PKI management, orchestration, remediation and verification, certificate authorization, and integration with enterprise applications.
Gather Certificate inventory data and provide guidance on future state SHA1-SHA2 migrations.
Pro-actively monitor and administer certificate usage/deployment/expiration and ensure compliance with corporate security standards.
Coordinate testing of changes/additions to the PKI infrastructure. Support the definition of POCs around PKI, encryption and other certificate related technologies.
Document, recommend and review PKI and encryption related projects. Gather business requirements, document architectural design and build/operate artifacts.
Drive the remediation, trouble shooting, resolution, and policy documentation process.
Work with information security leadership and cross-functional teams to develop strategies and plans to enforce security requirements and address identified risks.

Experience:
3-5 years of PKI experience in monitoring, implementing, and integrating information security systems.
Strong working experience with PKI infrastructure (Certificate Authorities, Registration Authority, Certificate trust chains and Certificate Revocation Lists).
PKI Certificate lifecycle management experience – Issuance, Inventory, Monitor, Remediation, Renewal.
Solid understanding of PKI elements; Internal / External Certificate Authorities (CA), Root CA’s, subordinate/issuing CA’s, Registration Authorities, Validation Authorities, CRL’s, OCSP Responders, Certificate Lifecycle Management tools or resources.
Strong working experience with PKI infrastructure (Certificate Authorities, Registration Authority, Certificate trust chains and Certificate Revocation Lists).
PKI experience with key and certificate management solutions (Venafi, CSS, Gemalto, etc)
Experience maintaining and operating Public Key and Certificate Infrastructure
Experience with Certificate Policies and Certification Practice Statements
Ability to troubleshoot complex problems related to PKI infrastructure systems and resolve issues
Understanding of SSL Certificates and deployment, maintenance, renewal of certificates from web servers, reverse proxy servers, application servers
Experience supporting PKI systems that span multiple geographic regions and infrastructure providers
Experience with using HSMs (Hardware Security Modules)
Fluent with the following protocols: TCP/IP, SSL, TLS, SCP and HTTPS. Understand Lightweight Directory Access Protocol (LDAP) and how it is used.
Interpersonal skills including the ability to collaborate effectively, self-awareness
Ability to work with different teams and interact with technical and business Owner Associates
Demonstrate excellent communication skills including internal and external customers.
Ability to use strong industry knowledge to relate to customer needs and dissolve customer concerns and high level of focus and attention to detail.
Strong work ethic. Time management with ability to work with diverse teams and lead meetings.
Background in Systems Administration of Windows, Linux, VM, Application and database servers.