Title: PKI Security Architect
Location: Tampa, FL / Dallas, TX (Hybrid 3 Days Onsite)
Duration: 6+ Months Contract to Hire
Job Description
Client Detail (What does the company do? Recent history? Website? Parent Company? Size of Company?)
Our Client is a financial services company that provides clearing, settlement, custody, and risk management services for securities transactions.
Why You’ll Love This Job
As a PKI & Secrets Security Architect in the Cybersecurity Architecture Center of Excellence, your responsibilities include a comprehensive review of the existing public key infrastructure and secrets management capabilities for on-premises, client, and cloud. You will also influence changes in existing control standards, create new IT security standards that are easily consumed by stakeholders, create specific security patterns & diagrams, and own the relevant 3-year capability roadmap. This role will be key in ensuring a Security-First mindset during DTCC’s technology modernization journey.
Position Summary
- The primary focus areas for this position are the following:
- Produce security architecture deliverables as part of initiatives related to public key infrastructure (PKI) and secrets management.
- Proactively identify security gaps, propose solutions, and follow through with engineering teams for implementation.
- Be the subject matter expert for PKI and Secrets management through the enterprise.
- Inspire team members and junior staff to contribute new ideas and alternative approaches.
- Your Responsibilities
- Create and drive the internal and client PKI security capability roadmap within information technology & the respective IT stakeholders.
- Create and drive the secrets management capability roadmap within information technology & the respective IT stakeholders.
- Influence change of control policies with Technology Risk Management & build strong partnerships with IT Architecture & Application Development partners.
- Create IT security standards and drive best-practices which are easily consumed by IT stakeholders.
- Own the enterprise-wide PKI architecture including HSMs – Hardware Security Modules, CAs – Certificate Authorities, CLM – Certificate Lifecycle Management.
- Proactively identify access management gaps and partner with app dev teams for remediation
- Design processes and workflows for generation, rotation, and revoking certificates.
- Identify automation opportunities for certificate lifecycle.
- Act as the domain specialist to help guide and shape how certificate management services are enabled.
- Design new certificate management services, integrations, and technologies.
- Mentor junior security architects to enhance their security and architecture skills within the team.
- Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.
- Create white papers and present in industry conferences to present thought leadership in the security field.
- Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk; escalates appropriately.
- Specific Skills & Technologies
- Strong Information Security experience, specifically in PKI/Cryptography (on premise and cloud) & Secrets management.
- Solid working experience with certificate issuance ceremonies.
- In-depth knowledge of Certificate Lifecycle Management including certificate revocation list (CRLs) best practices.
- Working experience with 2+ vendors such as: Venafi, Hashicorp, Microsoft, Thales, Gemalto (SafeNet HSM), DigiCert, Hitachi (HiPAM).
- Experience in SSL certificate management concepts, processes, and solution management.
- Strong experience with Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), CMS Enterprise, Venafi Trust Protection Platform, and Venafi TrustNet software suites.
- Experience in building Certificate Policy (CP) and Certificate Practice Statements (CPS).
- Solid experience with Python, networking fundamentals, OS (Windows/Linux) security.
- Experience with Information Security frameworks (e.g. ISO 27001 and NIST) & security architecture frameworks.
- Strong technical writing skills to support required documentation.
- Demonstrated ability to collaborate between product management, engineering, risk, and IT teams.
- Has strong communication skills with the ability to present in front of large audience.
Regards
Dipak Kumar
Sr. Executive - Recruitment
dipak@tekintegral.com | www.tekintegral.com
Desk: +1 (469) 983 – 0261 Ext No: 261
Mobile: (848) 600 0627
HQ: 500 N Central Expwy #500G Plano, TX USA 75074
The content of this email is confidential and intended for the recipient specified in message only. If you are not the intended recipient, you are not authorize to read, retain, copy, print, distribute or use this message. If you have received this email by mistake, please notify the sender and delete all copies of this email. If you do not wish to receive emails from us, please send an email at Remove@tekintegral.com with "Remove" in the subject line. We are sorry for the inconvenience it may have caused.