Cyber Security Engineer

Role & responsibilities

The Cyber Security Technology Key and Certificate Engineer position at Ally is a member of the Information Protection and Risk Management (IPRM) team and reports to a Manager of Cyber Security Technology. The engineer works with a team to implement technical controls and tools to meet specific security requirements and defines processes and standards to ensure that security configurations and tools are maintained.

The Certificate Management Engineer is a subject matter expert (SME) in engineering solutions for Allys key and certificate management program. The engineer will be responsible for ongoing incremental engineering required to continuously achieve the best coverage and operation of the technology and will assist in troubleshooting system degradations and outages if required. The primary responsibilities of the role will involve the following:

The Work Itself

• Engineering aspects of the company’s Public Key Infrastructure (PKI) including:
• Internally and externally hosted Certification Authorities (CAs) and Registration Authorities
• Centralized key and certificate management
• Assist in the design, test, implement changes/additions to the public key and certificate management infrastructures.
• Assist in management of Hardware Security Modules (HSM) for cryptographic key management.
• Assist critical stakeholders on the lifecycle of public and private/internal TLS certificates.
• Interface with vendors via support cases and troubleshooting certificates and key-related issues.
• Ability to create and maintain system documentation for key and certificate management. technologies, including installation, configuration, and appropriate troubleshooting steps.
• Participate in sprint planning, backlog refinement, and additional agile ceremonies with Scrum Masters.

The Skills You Bring

• Experience engineering and management of the Venafi Trust Protection Platform (TPP)
• PKI and Cryptography methods both on premise and cloud
• Certificate Authority providers (e.g., Microsoft CA, Entrust, DigiCert)
• Key and Certificate Management Platforms
• PKIs – specifically Microsoft ADCS and Entrust MSO
• Ability to troubleshoot customer-reported issues in certificate management.
• Experience with cryptography, HSMs, and Linux-based operating systems.
• Ability to configure, manage, and ensure compliance of HSM technologies.

Preferred Qualifications

• 3+ years’ experience with the Venafi Trust Protection Platform (TPP)
• 3+ years’ experience supporting certificate authorities (Entrust or the Microsoft ADCS)
• 3+ years’ experience supporting Hardware Security Modules platforms.
• Must be willing to work after-hours and weekends when technical issues arise which require immediate resolution.
• Strong analytical, technical writing and verbal communication skills
• A strong customer/client focus with ability to manage expectations appropriately and provide superior customer/client experience and build long-term relationships.