TL,SE (PKI ,SSL/TLS,code signing certificates,load balancer, servers, and web service layers.)

Vertafore is looking for a PKI (Public Key Infrastructure) Engineering Technical Lead to join our SaaS Operations organization in Hyderabad, India. The role will be primarily focusing on Public Key Infrastructure (PKI), Digital certificates Lifecycle management at the infrastructure and application layers. The successful candidate will report to the Director of SaaS Operations.
Core Requirements and Responsibilities:

• • Lead to design, configuration and implementation of PKI Solutions across various environments.
• • Extensive experience in PKI architecture design and resolving cross-domain issues.
• • Oversee the maintenance and upgrade of PKI Systems, ensure they meets security standards and best practices.
• • Automation of TLS certificates lifecycle, including discovery, issuance, renewal, and revocation.
• • Automation of code signing processes by integrate with CI/CD Pipelines to prevent unauthorized code execution and ensure secure software distribution.
• • Automation skills using machine identity management software involve using various tools and features to streamline and secure the management of machine identities.
• Software like Venafi TPP, Keyfactor Certificate Lifecycle Management (CLM), Digicert One automation and Cloud PKI.
• • Troubleshoot and resolve complex PKI-related issue.
• • Ensure timely renewal of all root and intermediate certificates and verify that the newly copied certificates are trusted and do not cause any cross-domain communication issues.
• • Collaborate with Product development teams and Partners to define standards and best practices for PKI implementation.
• • Manage the operations of hardware security modules (HSMs) and key management systems.
• • Ensure compliance with relevant security policies and regulations provided CA/Browser Forum and FIPS standards.
• • Identify and document PKI requirements and new findings for all infrastructure devices and software within the company.
• • Ability to support and manage PKI-related security incidents and prepare Root Cause Analysis (RCA) documents.
• • Collaborate with the vendor and other technical teams as required to reach resolutions on any issues related to digital certificates.
• • Stay abreast with the latest security and compliance matters related to digital certificates.
• • Perform a regular audit or SSL certificates to ensure all devices and applications making the most secure communications based on industry standards.
• • Provide consultations on best practices using the SSL/TLS encryption protocols.
• • Strong knowledge of ServiceNow ticketing, change creation, addressing tickets promptly and generating and tracking team productivity reports.
• • Strong understanding skills of ADFS and Oracle Access Gateway integration across multiple application configurations to ensure robust security.
• • Understanding of the principles of both cloud technologies and on-prem application security, including public key infrastructures.

Knowledge, Skills, and Abilities:

• • Knowledge in Cryptography and Security, including PKI, digital signatures, HSMs, and machine identity protection systems, cryptographic APIs (PKCS#11, OpenSSL,...)
• • Scripting languages (Python, PowerShell, Bash) for automation of PKI-related tasks.
• • Strong leadership, organizational abilities, and the capacity to work well under pressure.
• • Experience with Windows servers AD FS, Certificate Authority (CA), IIS, GPO, and PowerShell.
• • Experience with Linux, Apache, Tomcat, Nginx.
• • Experienced with PingId, F5 Volterra, Citrix NetScaler and relevant technologies.
• • Strong experience in managing and renewing digital certificates on Web Servers.
• Strong experience in managing code signing process
• • Possess good systems administration skills on Windows and Linux with the ability to effectively navigate on both operating systems to perform tasks or troubleshooting.
• • Capable in automating monitoring and installation of digital certificates using any scripting tools such as but not limited to PowerShell and Bash scripting.
• • Good communication skills and ability to interact with others professionally.
• • Ability to conform to defined processes.
• • Ability to be on call to respond to any related incidents.

Qualifications:

• • 6 or more years of experience in PKI technology.
• • Bachelor of Science in Computer Science, Business Information Engineering, or established professional with equivalent experience.
• • Certifications: DigiCert Digital Trust Associate or specialized PKI certifications.
• • Advanced certifications such as CISSP, or other relevant certifications (preferred).
• • Must have exposure and experience with AWS (preferred) or other cloud provider.

Additional Requirements and Details:

• • May require to work odd hours/rotation shifts to provide certificate and encryption service support Need to be flexible to work over weekends to complete maintenance activity.

Why Vertafore is the place for you: *Canada Only

• The opportunity to work in a space where modern technology meets a stable and vital industry
• Medical, vision & dental plans
• Life, AD&D
• Short Term and Long Term Disability
• Pension Plan & Employer Match
• Maternity, Paternity and Parental Leave
• Employee and Family Assistance Program (EFAP)
• Education Assistance
• Additional programs - Employee Referral and Internal Recognition

Why Vertafore is the place for you: *US Only

• The opportunity to work in a space where modern technology meets a stable and vital industry
• We have a Flexible First work environment! Our North America team members use our offices for collaboration, community and team-building, with members asked to sometimes come into an office and/or travel depending on job responsibilities. Other times, our teams work from home or a similar environment.
• Medical, vision & dental plans
  • PPO & high-deductible options
• Health Savings Account & Flexible Spending Accounts Options:
  • Health Care FSA
  • Dental & Vision FSA
  • Dependent Care FSA
  • Commuter FSA
• Life, AD&D (Basic & Supplemental), and Disability
• 401(k) Retirement Savings Plain & Employer Match
• Supplemental Plans - Pet insurance, Hospital Indemnity, and Accident Insurance
• Parental Leave & Adoption Assistance
• Employee Assistance Program (EAP)
• Education & Legal Assistance
• Additional programs - Tuition Reimbursement, Employee Referral, Internal Recognition, and Wellness
• Commuter Benefits (Denver)

The selected candidate must be legally authorized to work in the United States.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all the job responsibilities, duties, skill, or working conditions. In addition, this document does not create an employment contract, implied or otherwise, other than an "at will" relationship.
Vertafore strongly supports equal employment opportunity for all applicants regardless of race, color, religion, sex, gender identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, sexual orientation, genetic information, or any other characteristic protected by state or federal law.
The Professional Services (PS) and Customer Success (CX) bonus plans are a quarterly monetary bonus plan based upon individual and practice performance against specific business metrics. Eligibility is determined by several factors including: start date, good standing in the company, and actives status at time of payout.
The Vertafore Incentive Plan (VIP) is an annual monetary bonus for eligible employees based on both individual and company performance. Eligibility is determined by several factors including: start date, good standing in the company, and actives status at time of payout.
Commission plans are tailored to each sales role but common components include quota, MBO's and ABPMs. Salespeople receive their formal compensation plan within 30 days of hire.
Vertafore is a drug free workplace and conducts preemployment drug and background screenings.
We do not accept resumes from agencies, headhunters or other suppliers who have not signed a formal agreement with us.
We want to make sure our recruiting process is accessible for everyone. if you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact [email protected]
Just a note, this contact information is for accommodation requests only.