GMS-Staff-PKI

Managed Service – IAM MS – PKI (MS PKI / Venafi) Staff

Key Requirements / Responsibilities:

• Assist in day-to-day operations of Microsoft PKI infrastructure, including the Root CA and Issuing CAs.
• Support certificate lifecycle management processes using Venafi, including discovery, issuance, renewal, and revocation.
• Manage certificate templates, CRL distribution, AIA locations, and related configurations for ADCS.
• Help automate certificate operations using PowerShell or Venafi workflows.
• Troubleshoot certificate enrollment issues across various platforms (Windows, Linux, network devices).
• Monitor PKI system health, certificate expiration, and potential vulnerabilities.
• Collaborate with application and platform teams to onboard services into Venafi for automated certificate management.
• Ensure compliance with cryptographic policies and audit requirements related to key usage and certificate issuance.
• Provide operational support during certificate-related incidents and outages.
• Participate in security assessments and internal audits involving PKI controls.
  

Relationships:

Education:

Work Experience:

Skills Expertise

• Strong understanding of Microsoft PKI (ADCS), including Root and Issuing CA management, templates, key archival, and CRL management.
• Hands-on experience with Venafi Trust Protection Platform for certificate lifecycle automation.
• Familiarity with TLS/SSL certificate standards (X.509), key algorithms, and security best practices.
• Understanding of certificate-based authentication mechanisms and their integration with enterprise platforms.
• Basic scripting knowledge (e.g., PowerShell) for certificate automation and reporting.
• Experience integrating Venafi with load balancers, web servers, and applications.
• Good troubleshooting skills for resolving certificate errors and enrollment failures.
• Effective communication and collaboration skills to engage with internal and external stakeholders.
• Strong attention to detail and documentation practices for audit readiness and governance.
  

Good to have:

• Familiarity with Key Management concepts, digital signatures, and HSMs.
• Knowledge of integrating PKI with platforms like ADFS, Azure AD, or VPN appliances.
• Understanding of Certificate Policy and Certificate Practice Statements (CP/CPS).
  

Certification:

• Azure Fundamental (Az-900) (Good to have)
• Venafi Certified Administrator (Good to have)
• Microsoft Identity and Access Administrator (Sc-300) (Good to have)
  

Work Requirements:

• Willingness to be on call support engineer and work occasional overtime as required
• Willingness to work in 24*7 rotational shifts as required
  

EY | Building a better working world