Security Public Key Infrastructure (Certificate Authority) Associate Specialist

  • Company: PepsiCo
  • Posted: May 04, 2016
  • Reference ID: 92242BR
The Certificate Authority/PKI Engineer will be part of Global Certificate Authority (CA) team responsible for ensuring that all communications between servers & devices/applications/systems are secure. This includes managing the services with an understanding of the infrastructure (hardware, software (CA, HSM), design/architecture, data centers, networks, ports, and load balancers), and how all the components interact together. This role will design, configure, implement, support, resolve complex issues, govern and enhance CA/PKI, HSM, and the Certificate Services. The position will be responsible for the certificate authority (CA) that both issues and verifies the digital certificates. The role will also be responsible for day-to-day operations, maintenance, governance and reporting of CA/PKI/HSM environments including on-call support globally. The role will partner with application and system teams to on-board new entities with certificates and support existing implementations.
  • Partner with manager to define and keep the strategy for Certificate Services
  • Proactively and independently drive projects and support of certificate services projects and operation support
  • Define tactical plans from the strategy and implement them globally
  • Determine and refine overtime endpoints that will have certificates
  • Technically own the development, implementation, support and growth of certificate services globally
  • Technical subject matter expert for certificate services, HSM, KCLM solutions and support technologies
  • Partner with Enterprise Architecture to define and design solutions
  • Mentor the work of other team members
  • Partner with teams globally to implement/renew certificates
  • Work with Operational team(s) in driving the understanding of technical requirements for certificate management and ensure the right architecture/design is implemented to enable the business, use cases. Ensure solution satisfy security audit/compliance and control needs
  • Specifying guidelines and supporting processes for integration, administration and maintenance
  • Technical leadership of multiple projects and meet deadlines
  • Communication and presentation of complex IT information in a clear, concise, persuasive manner
  • Define and implement governance for certificate services area globally
  • Developing general purpose services, usable by a variety of authorized systems and applications
  • Customization of any product functionality to fulfil requirements that cannot be met with standard out-of-box functionality
  • Interact with application teams that manage major user repositories and/or need to automate/standardize user access request process, gather requirements, design and deliver solution to integrate with related PepsiCo security projects
  • Gather requirements and Guide / recommend the right integration pattern for applications needing services, taking into consideration the impact to the environment and standards set in PepsiCo
  • Recommend improvements, corrections, remediation or requirements for associated projects
  • Create and maintain documentation for security related activities and metric reporting
  • Advocate secure computing practices and procedures, and communicate Information Security best practices throughout the company
  • Ability to troubleshoot complex issues and resolve issues quickly identifying the best option in an emergency situation
  • Ability to work with different teams and interact with technical and business folks across the Enterprise
  • Provide full life cycle systems development services for certificate services and supporting technologies


  • Bachelor's degree or number of years of experience as alternate
  • 5-7 years of experience with an enterprise level IT environment
  • 6+ years of experience in monitoring, developing and implementation of information security systems
  • Experience maintaining and operating the Public Key Infrastructure
  • Experience maintaining, installing, and upgrading certificates from Enterprise Certificate Authorities
  • Strong Unix Bash shell scripting experience
  • Prior experience working with PKI discovery and management platform such as Venafi Enterprise Director
  • Prior experience with Vormetric file level encryption and tokenization technologies
  • Working understanding of Asymmetric & Symmetric Key Cryptography
  • Working understanding of Encryption, Hashing and Digital Signatures
  • Understanding of PKI Policy, Life Cycle management and Auditing of PKI Infrastructure
  • Experience with Private Key Protection Safenet or Thales Hardware Security Modules (HSMs)
  • Experience with Certificate Policies and Certification Practice Statements
  • Understanding of how PKI is integrated into HSM and Key Management for some of the following:
    • Basic TLS Encryption
    • Brocade Load Balancers
    • IBM WebSEAL
    • IBM DataPower
    • BlueCoat
    • Web Servers (e.g., Apache and IIS)
    • SSH
    • SAML Gateways (3rd Party)
    • Splunk
    • Ironport for Email
    • Cisco Content Switches
    • Active Directory Certificate Services (ADCS)

Relocation Eligible

Not Eligible for Relocation

Share this Job