Role Summary The PKI Certificate Lifecycle Management (CLM) Engineer / Architect is responsible for the design, implementation, enablement, and ongoing operation of enterprise PKI and certificate lifecycle management solutions. This role will support a long‑term, multi‑phase PKI improvement initiative, focused on implementing and operationalising DigiCert One (SaaS) to improve certificate governance, automation, and compliance across the organisation. The role will work closely with security, infrastructure, and application teams throughout phases of the program, while also providing BAU and operational support once the platform is live. Key Responsibilities ∙ Lead the enablement, configuration, and operation of PKI Certificate Lifecycle Management (CLM) solutions in a SaaS environment ∙ Design, build, and configure DigiCert One , including account setup, environment creation, and tenant configuration ∙ Implement and manage DigiCert One Trust Lifecycle Manager (TLM) for certificate issuance, renewal, and revocation ∙ Design, implement, and maintain enterprise Public Key Infrastructure (PKI) and Certificate Lifecycle Management (CLM) solutions ∙ Configure and administer PKI platforms to ensure secure certificate issuance, renewal, revocation, and compliance ∙ Support the ongoing operation and availability of certificate management services across the enterprise ∙ Develop and maintain PKI policies, standards, and procedures aligned to security and compliance requirements ∙ Work closely with application, infrastructure, and security teams to support certificate‑based authentication and encryption use cases ∙ Perform certificate lifecycle operations, including key management, certificate rotation, and expiration management ∙ Monitor PKI systems for performance, availability, and security issues ∙ Troubleshoot and resolve certificate‑related incidents, outages, and configuration issues ∙ Maintain technical documentation, runbooks, and operational procedures for PKI services ∙ Ensure compliance with internal security standards and external regulatory requirements related to cryptography and certificates ∙ Support audits, security reviews, and risk assessments relating to PKI and certificate usage ∙ Provide technical guidance and subject‑matter expertise on PKI best practices and industry standards Required Skills & Experience ∙ Strong expertise in Public Key Infrastructure (PKI) and Certificate Lifecycle Management (CLM) concepts and operations ∙ Hands‑on experience with DigiCert One, including Trust Lifecycle Manager (TLM) ∙ Proven experience managing the full certificate lifecycle, including issuance, renewal, revocation, and expiration management ∙ Solid understanding of X.509 certificates, TLS/SSL, key pairs, and cryptographic algorithms ∙ Experience supporting enterprise‑scale PKI environments across hybrid (on‑prem and cloud) infrastructures ∙ Familiarity with certificate discovery, automation, and governance frameworks ∙ Strong troubleshooting skills for certificate‑related issues impacting applications, endpoints, and infrastructure ∙ Experience working with Windows and Linux operating systems in secure environments ∙ Understanding of security controls, encryption standards, and compliance requirements related to PKI Education & Certifications ∙ Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent practical experience) ∙ Preferred certifications: · DigiCert Certified Professional (or equivalent PKI certification) · Microsoft, AWS, or Azure security certifications with PKI focus · CompTIA Security or equivalent cybersecurity certification · CISSP, CISM, or CCSP is a plus Preferred Skills ∙ Experience with certificate automation tools, APIs, and scripting (e.g., PowerShell, Python, REST APIs) ∙ Familiarity with hardware security modules (HSMs) and key protection mechanisms ∙ Knowledge of cryptographic standards and regulations (e.g., NIST, ISO, CIS benchmarks) ∙ Experience supporting certificate‑based authentication for applications, devices, and services ∙ Exposure to vulnerability management, encryption compliance, or zero‑trust initiatives ∙ Ability to work effectively with application, infrastructure, and security teams in large enterprises
