Staff Infosec Engineer

Gap

IT
Hyderabad, Telangana, India
Posted on Apr 21, 2025

About the Role

Job Description Summary
The PKI/PAM Engineer is responsible for designing, implementing, and managing PKI infrastructure, including the issuance, renewal, and revocation of digital certificates. The PKI/PAM Engineer will also be responsible for utilizing Secrets Management tools in accordance with established policies and industry standards for Privileged Access Management (PAM), ensuring secure handling and compliance with best practices. The engineer will work closely with product teams to develop tailored PKI solutions for secure communication and data protection throughout the development lifecycle.

What You'll Do

  • Design, implement, and manage PKI infrastructure, ensuring alignment with organizational security policies.

  • Manage the lifecycle of Root and Intermediate Certificate Authorities (CAs), ensuring adherence to cryptographic best practices.

  • Automate certificate lifecycle processes including enrollment, renewal, and revocation, using scripts and tools like Venafi or similar Certificate Lifecycle Management (CLM) solutions.

  • Troubleshoot and resolve certificate-related issues across systems and applications.

  • Integrate certificate management solutions with product-specific requirements, ensuring secure communication and data protection.

  • Collaborate with product teams to develop tailored PKI solutions that seamlessly integrate into development workflows.

  • Scripting and automation skills for certificate management (e.g., Python, Bash, PowerShell or similar).

  • Set up monitoring for certificate expiration, errors, and compliance across the environment, ensuring proactive mitigation of risks.

  • Stay up to date with the latest PKI trends, vulnerabilities, and cryptographic standards.

  • Develop and maintain tools and scripts (using OpenSSL, Keytool, REST APIs, SCEP, ACME, EST) for managing certificates and keys across a wide range of environments.

  • Work with product teams and vendors to address issues related to the infrastructure, functionality, upgrades, and configurations of Secrets Management tools.

Who You Are

  • Expertise in working with various certificate formats (PEM, DER, PFX, JKS).

  • Familiarity with Cloud Providers, particularly Azure, to integrate PAM and Secrets Management solutions into cloud-based environments.

  • Knowledge of container orchestration tools like Kubernetes is good to have.

  • Ability to write custom scripts (Shell, Python) leveraging APIs for automating PAM tasks such as account onboarding, privileged access management, and integration with other tools.

  • Solid understanding of and hands-on experience with configuration management tools like Chef and with DevOps principles, including Source Code Management (SCM) using tools like GitHub and continuous integration solutions such as Jenkins and GitHub Actions.

  • Experience with REST APIs for integration of certificate management systems.

  • Solid understanding of digital signatures, encryption, and public-key cryptography principles.

  • Expertise in Secrets Management tools, with a focus on HashiCorp Vault or similar products, including integrating them into DevOps workflows for managing credentials, certificates, SSH keys, API keys, etc.

  • Experience with Delinea Secret Server or similar products is a plus.

  • Ability to design and implement security solutions based on PAM and Secrets Management tools tailored to product team needs.

  • Proficient in managing Windows and Linux servers, particularly in relation to Secrets Management implementations and access control.