Role Description
The Senior Security Engineer will be responsible for leading and managing Identity, PKI, and Cryptographic Security solutions across enterprise-scale environments. This role involves hands-on administration, design, and integration of Saviynt IGA, PKI infrastructure, and data encryption platforms to ensure compliance, security, and operational excellence.
Key Responsibilities
Identity & Access Management (Saviynt IGA)
- Lead end-to-end administration of Saviynt IGA, including Joiner–Mover–Leaver (JML) lifecycle, access provisioning, and de-provisioning.
- Design and implement workflows, Segregation of Duties (SoD) controls, risk policies, and access certifications.
- Onboard new applications, configure connectors, and manage integrations with AD, Azure AD, and downstream systems.
- Conduct periodic access reviews, manage attestation campaigns, and ensure compliance with SOX and GDPR (UK) standards.
- Troubleshoot complex provisioning failures and reconciliation issues with application teams.
Public Key Infrastructure (PKI) & Certificates
- Manage internal Certificate Authority (CA) operations, including certificate issuance, renewal, revocation, and auditing.
- Handle CRL/OCSP configuration, certificate templates, and key archival processes.
- Ensure PKI availability and compliance; integrate with AD, network devices, web servers, and application gateways.
- Coordinate PKI design improvements, CA migrations, and infrastructure transitions.
- Administer external SSL/TLS certificates via Sectigo (or equivalent tool).
- Integrate certificates across servers, load balancers, WAF, and application endpoints.
- Automate certificate enrollment and renewal processes.
- Support transitions from external certificate providers (e.g., Sectigo) to internal PKI systems.
Encryption & Data Protection (Voltage SecureData)
- Administer Voltage SecureData for encryption, tokenization, and masking of sensitive data (PII, payment data).
- Support application teams with encryption/decryption and key management.
- Ensure compliance with enterprise data protection and regulatory standards.
- Troubleshoot encryption failures and token retrieval issues.
Operational Excellence
- Drive identity security enhancements, audit readiness, and continuous improvement.
- Participate in incident, change, and problem management (aligned with ITIL processes).
- Prepare technical documentation including runbooks, architecture diagrams, migration plans, and RCA reports.
- Participate in critical incident (P1/P2) and CAB calls; manage change requests and Go/No-Go decisions.
- Ensure high availability and governance of identity and encryption platforms.
Organizational Skills
- Ability to lead technical security services independently and ensure reliable delivery.
- Experience working with global teams and cross-functional stakeholders.
- Strong adherence to ITIL processes and change control governance.
- Skilled in documentation and reporting using tools like ServiceNow, Confluence, and Excel.
Personal Skills
- Excellent communication and stakeholder management skills.
- Strong analytical and troubleshooting mindset.
- Demonstrated leadership in mentoring and supporting junior engineers.
- Ownership-driven, proactive, and continuously learning.
Technical Skills
- Saviynt IGA: RBAC, workflows, connectors, SoD, certifications.
- PKI & Certificates: CA hierarchy, CRL/OCSP, SSL/TLS lifecycle management.
- Sectigo (or equivalent): External certificate provisioning and automation.
- Voltage SecureData: Tokenization, encryption, key management.
- Security Protocols: Kerberos, NTLM, TLS, Mutual Authentication.
- IAM Integrations: On-prem and cloud application integrations.
Experience
- 5–8 years in Identity Security, PKI, Federation, or Encryption Services.
- Minimum 2 years’ hands-on experience in Saviynt, PingFederate, or PKI infrastructure support.
- Proven experience managing enterprise certificate lifecycles and IAM platform integrations.
- Involvement in onboarding, migration, or transition projects for IAM/PKI platforms.
Preferred Certifications
- Microsoft Certified: Identity and Access Administrator Associate
- Certified Encryption Specialist (Voltage or equivalent)
- Sectigo / PKI Certification (desirable)
- ITIL Foundation (preferred)
Skills
IAM, PKI Infrastructure, Security Services