CA Administrator - PKI

Roles & Responsibilities

• Administer and maintain CAs, including Root and Intermediate CAs.

• Manage certificate lifecycle processes: issuance, renewal, revocation, and auditing.

• Implement and enforce certificate policies and practices in alignment with security standards.

• Monitor CA infrastructure for performance, availability, and security incidents.

• Collaborate with security, network, and application teams to support certificate-based authentication and encryption.

• Maintain documentation for CA configurations, procedures, and compliance audits.

• Support automation of certificate management using tools like Venafi, Certbot, or custom scripts.

• Ensure compliance with industry standards and internal security policies.

• Participate in incident response and troubleshooting related to certificate issues.

• Configure CDP (CRL Distribution Point) and AIA (Authority Information Access) URLs.

• Configure Policy Modules and Exit Modules to enforce certificate issuance rules and post-processing.

• Design and manage Certificate Enrollment components to manage smooth cert enrollment processes.

• Define Enrollment Agent (EA) restrictions to regulate certificate enrolment delegation.

• Define and maintain roles for Certificate Managers, Key Recovery Agents (KRAs), and other CA Administrators.

• Enable, publish, and configure the CRL (Certificate Revocation List) schedule to ensure timely revocation updates.

• Start and stop PKI component services as needed for maintenance or troubleshooting.

• Configure Audit parameters to ensure logging of critical CA operations and support compliance reviews.

Qualifications:

• Bachelor s / Masters degree in Computer Science, Information Security, or related field.

• 5-8 years of experience in CA administration or PKI infrastructure management.

• Understanding of cryptographic protocols like RSA / ECC, security protocols and standards like TLS/SSL, X.509, S/MIME.

• Knowledge of Network Security, Microsoft Active Directory, Power Shell Scripting, REST API is desirable.

• Proficiency in scripting languages (PowerShell, Python) for automation and reporting.

• Familiarity with identity and access management (IAM) and secure authentication protocols.

• Knowledge of security frameworks and compliance requirements.

• Excellent problem-solving and communication skills.

• Certifications such as CISSP, CISM, or Microsoft Certified: Identity and Access Administrator.

• Experience with cloud-based certificate management (e.g., GCP KMS, Azure Key Vault).

• Exposure to enterprise security tools and SIEM platforms.

Location:

India - (Flexible hybrid work model - work from Bangalore office for 20 days in a quarter)