Public Key Infrastructure Senior Engineer - RDT Identity & Access Management

Reposted 13 Days Ago
San José, San José, CRI
In-Office
Senior level
Healthtech • Biotech • Pharmaceutical
The Role
The PKI Senior Engineer will lead the design and implementation of global PKI strategy, automate certificate lifecycle management, manage cybersecurity incidents, and mentor junior staff while engaging stakeholders.
Summary Generated by Built In

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

At the heart of our digital security is the trust we build through encrypted communication. As a PKI Senior Engineer, you will join our Identity and Access Management (IAM) team to lead the design and evolution of our global PKI strategy, moving us away from manual interventions toward a fully orchestrated, "zero-touch" certificate lifecycle. As a senior member of the team, you will bridge the gap between traditional security infrastructure and modern DevOps practices, ensuring that security is a frictionless part of our deployment pipeline.

The Opportunity

PKI Architecture & Infrastructure

  • Design and maintain the Microsoft AD CS architecture (Root, Policy, and Issuing CAs), ensuring high availability and secure HSM (Hardware Security Module) integrations
  • Lead the enterprise-wide implementation of Keyfactor Command, configuring advanced discovery, automated alerts, and self-service certificate portals
  • Architect and implement ACME-based orchestration for automated certificate renewals across Kubernetes, cloud instances, and legacy on-prem systems
  • Manage business analysis activities on complex projects across multiple security domains, handling ambiguous requirements and navigating intricate stakeholder environments

Automation & DevOps Integration

  • Develop and maintain robust automation workflows using Version Control and CI/CD pipelines to integrate certificate issuance directly into the software development lifecycle
  • Mentor junior staff and lead the transition toward Infrastructure as Code (IaC) for all PKI deployments
  • Build custom API integrations with Keyfactor, GitHub, and cloud platforms using PowerShell, Python, or Go

Subject Matter Expertise & Incident Management

  • Act as the subject matter expert (SME) for certificate-related incidents, providing root-cause analysis and long-term remediation strategies
  • Independently lead the analysis of complex cybersecurity incidents and vulnerabilities
  • Demonstrate strong accountability through security incident leadership and project ownership

Strategic Stakeholder Engagement

  • Identify a diverse range of security stakeholders across functional areas and effectively manage relationships to build reliance through deep business and technical understanding
  • Act as a strategic influencer, defining and driving stakeholder engagement strategies for complex initiatives
  • Facilitate workshops, resolve conflicts, and proactively shape stakeholder perspectives to align with project goals
  • Serve as a trusted advisor to internal stakeholders

Requirements Definition & Consultation

  • Consult with internal stakeholders to define security requirements for code signing, SSH key management, and IoT device identity
  • Translate requirements into strategic implementation plans that align with overall business objectives
  • Proactively contribute to Communities of Practice (CoPs) and organizational development initiatives

Who You Are

Experience & Education

  • 7+ years of experience in Security, PKI, or Identity Management with a proven track record of managing enterprise-scale environments
  • Bachelor's Degree in Computer Science or a related technical field
  • Certified Information Systems Security Professional (CISSP) preferred
  • Demonstrated ability to independently manage end-to-end security analysis tasks and lead complex cybersecurity initiatives
  • Proven track record of effectively managing relationships with diverse cross-functional stakeholders on medium to large-sized engagements

Technical Expertise

  • Advanced knowledge of Keyfactor Command or similar Certificate Lifecycle Management (CLM) platforms
  • Advanced knowledge of Microsoft AD CS and its integration with modern identity providers
  • Strong experience with ACME, SCEP, or EST protocols for automated enrollment
  • Skilled in PowerShell, Python, or Go for building custom API integrations
  • Experienced in using GitHub as a primary tool for configuration management and CI/CD orchestration
  • Experience with Cloud PKI (AWS Private CA, Azure Managed HSM, or Google CAS)
  • Strong proficiency with version control systems (Git), CI/CD pipelines, and secure code deployment
  • Understanding of Zero Trust principles, authentication factors, and cryptography
  • Advanced analytical and logical reasoning skills to identify security patterns, threats, and discrepancies

Professional Qualities

  • Strong analytical and innovative problem-solving skills with a focus on continuous solution refinement
  • Excellent communication skills; able to convey technical concepts to diverse audiences
  • Demonstrated success working collaboratively in Agile environments and contributing to cross-functional teams
  • Proven ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices
  • Proactive contributor to organizational development with a focus on process improvements
  • Ability to manage complex projects with strategic thinking and long-term vision

If you are a seasoned PKI professional ready to transform our certificate lifecycle management and lead the evolution of our security infrastructure, we'd love to hear from you. This role offers the opportunity to make a strategic impact on global security operations while mentoring the next generation of security leaders.

Relocation benefits are not available for this job posting.

Who we are

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advancing science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.


Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.

Roche Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Roche and has not been reviewed or approved by Roche.

  • Retirement Support: U.S. materials describe a 401(k) with both matching and an additional company contribution, supported by formal plan documents and true‑up features. This structure is positioned as a standout element of the total package, particularly at Genentech.
  • Leave & Time Off Breadth: Time‑off provisions include substantial vacation, a year‑end shutdown, and a paid six‑week sabbatical after six years. These elements indicate a recharge‑oriented approach within the U.S. offering.
  • Healthcare Strength: Company materials emphasize comprehensive medical, dental, vision, and mental‑health resources alongside well‑being programs. Benefits pages consistently highlight breadth across core health coverage elements.

The Company
Provincia de Buenos Aires
93,797 Employees
Year Founded: 1896

What We Do

Roche is a global pioneer in pharmaceuticals and diagnostics focused on advancing science to improve people’s lives. The combined strengths of pharmaceuticals and diagnostics under one roof have made Roche the leader in personalised healthcare – a strategy that aims to fit the right treatment to each patient in the best way possible. Roche is the world’s largest biotech company, with truly differentiated medicines in oncology, immunology, infectious diseases, ophthalmology and diseases of the central nervous system. Roche is also the world leader in in vitro diagnostics and tissue-based cancer diagnostics, and a frontrunner in diabetes management. Founded in 1896, Roche continues to search for better ways to prevent, diagnose and treat diseases and make a sustainable contribution to society. The company also aims to improve patient access to medical innovations by working with all relevant stakeholders. Thirty medicines developed by Roche are included in the World Health Organization Model Lists of Essential Medicines, among them life-saving antibiotics, antimalarials and cancer medicines. Roche has been recognised as the Group Leader in sustainability within the Pharmaceuticals, Biotechnology & Life Sciences Industry ten years in a row by the Dow Jones Sustainability Indices (DJSI).
