PKI Digital Certification with (Venafi/Primekey/ Keyfactor/ EJBCA)

Overall - At least 8+ years of experience in performing Digital Certificate Management Operations including:

1. Core PKI & Security Skills

● Advanced understanding of X.509 certificates, CRLs, OCSP, and complex CA hierarchies (root, intermediate, issuing).

● Expertise in certificate lifecycle management at scale, cross-certification, and trust model architectures.

● Strong cryptographic knowledge including symmetric/asymmetric encryption, digital signatures, and hashing algorithms.

● Proven experience with key management policies covering generation, escrow, rotation, and secure destruction.

● Demonstrated ability to lead complex PKI operations and guide junior team members.

● Excellent collaboration skills working with security, DevOps, infrastructure, and application teams. ● Operationalize secure PKI systems integrated with IAM, SSO, MFA, and compliant with standards such as NIST, FIPS 140-2, and ISO 27001.

● In-depth knowledge of networking protocols relevant to certificate distribution and validation: SSH, TLS/SSL, HTTPS, S/MIME, IPsec, VPNs, DNS, LDAP, HTTP.

● Proven experience leveraging automation for certificate lifecycle management using scripting tools like PowerShell and Python

2. Tools & Technologies:

● Hands-on experience with OpenSSL, Keytool, Certutil.

KeyFactor, Venafi, HashiCorp Vault, and EJBCA.

● Experience managing Hardware Security Modules (HSMs) such as Thales and SafeNet.

● ACME protocol for automated certificate lifecycle management

3. Monitoring, Logging and Compliance:

● Lead and Operationalize certificate expiration monitoring and alerting systems to prevent outages.

● Maintain thorough logging and auditing of all certificate operations for security and compliance purposes.

● Proven ability to troubleshoot complex certificate-related issues across diverse platforms.

● Strong documentation skills to support audit readiness and operational transparency.

4. Automation

● Python with libraries like cryptography, pyOpenSSL, requests, subprocess for PKI automation and API integration.

● PowerShell for Windows PKI environments (e.g., AD CS).

● Bash scripting for Linux-based PKI tools and OpenSSL automation.

● Java for working with PKI tools such as EJBCA and integrations like HashiCorp Vault.

● Other automation tools: Ansible, Terraform, and CI/CD systems (GitHub Actions, Jenkins).

● RESTful API integrations for DigiCert, HashiCorp Vault, and ACME protocol platforms.

Desirable skills:

● Bachelor's or master's degree in computer science, mathematics, information systems, engineering, or cybersecurity. ● Industry certifications such as CEH, CISSP, SANS and/or other relevant certifications