Logo
Saxon Global

Saxon Global is hiring: PKI Security Architect in Tampa

Saxon Global, Tampa, FL, United States


Must Have: EXTENSIVE PKI EXPERIENCE and Secrets MANAGEMENT EXPERIENCE

Client Details: Our Client is a financial services company that provides clearing, settlement, custody, and risk management services for securities transactions.

Job Description

Why You'll Love This Job:

As a PKI & Secrets Security Architect in the Cybersecurity Architecture Center of Excellence, your responsibilities include a comprehensive review of the existing public key infrastructure and secrets management capabilities for on-premises, client, and cloud. You will also influence changes in existing control standards, create new IT security standards that are easily consumed by stakeholders, create specific security patterns & diagrams, and own the relevant 3-year capability roadmap. This role will be key in ensuring a Security-First mindset during DTCC's technology modernization journey.

Position Summary:
  • The primary focus areas for this position are the following:
  • Produce security architecture deliverables as part of initiatives related to public key infrastructure (PKI) and secrets management.
  • Proactively identify security gaps, propose solutions, and follow through with engineering teams for implementation.
  • Be the subject matter expert for PKI and Secrets management through the enterprise.
  • Inspire team members and junior staff to contribute new ideas and alternative approaches.
Your Responsibilities:
  • Create and drive the internal and client PKI security capability roadmap within information technology & the respective IT stakeholders.
  • Create and drive the secrets management capability roadmap within information technology & the respective IT stakeholders.
  • Influence change of control policies with Technology Risk Management & build strong partnerships with IT Architecture & Application Development partners.
  • Create IT security standards and drive best-practices which are easily consumed by IT stakeholders.
  • Own the enterprise-wide PKI architecture including HSMs - Hardware Security Modules, CAs - Certificate Authorities, CLM - Certificate Lifecycle Management.
  • Proactively identify access management gaps and partner with app dev teams for remediation
  • Design processes and workflows for generation, rotation, and revoking certificates.
  • Identify automation opportunities for certificate lifecycle.
  • Act as the domain specialist to help guide and shape how certificate management services are enabled.
  • Design new certificate management services, integrations, and technologies.
  • Mentor junior security architects to enhance their security and architecture skills within the team.
  • Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.
  • Create white papers and present in industry conferences to present thought leadership in the security field.
  • Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk; escalates appropriately.
Specific Skills & Technologies:
  • Strong Information Security experience, specifically in PKI/Cryptography (on premise and cloud) & Secrets management.
  • Solid working experience with certificate issuance ceremonies.
  • In-depth knowledge of Certificate Lifecycle Management including certificate revocation list (CRLs) best practices.
  • Working experience with 2+ vendors such as: Venafi, Hashicorp, Microsoft, Thales, Gemalto (SafeNet HSM), DigiCert, Hitachi (HiPAM).
  • Experience in SSL certificate management concepts, processes, and solution management.
  • Strong experience with Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), CMS Enterprise, Venafi Trust Protection Platform, and Venafi TrustNet software suites.
  • Experience in building Certificate Policy (CP) and Certificate Practice Statements (CPS).
  • Solid experience with Python, networking fundamentals, OS (Windows/Linux) security.
  • Experience with Information Security frameworks (e.g. ISO 27001 and NIST) & security architecture frameworks.
  • Strong technical writing skills to support required documentation.
  • Demonstrated ability to collaborate between product management, engineering, risk, and IT teams.
  • Has strong communication skills with the ability to present in front of large audience.