ITmPowered, LLC
ITmPowered, LLC is hiring: PKI Security Engineer in Denver
ITmPowered, LLC, Denver, CO, United States
PKI Security Engineer
The PKI Security Engineer will work with the PKI Architect in the design, engineering, implementation, and administration of an enterprise PKI including Venafi TPP CLM platform, Certificate Automation, HSM Hardware Security Modules with MofN design, CA Template Design, and PKI operation aligned to CP/CPS documentation.
Primary responsibilities:
Engineering and Administration of Key Vaults, Cryptographic and PKI Services
Venafi Engineering and Administration of Certificate Lifecycle Management Services and infrastructure
Venafi TPP Engineering - Policy folder design
Engineering of Venafi Certificate discovery scanning / agent, OS / F5 base-lining and agent tuning.
Certificate ingestion, preliminary association, and migration into end state certificate policy folders and management levels (provisioning, enrollment, monitoring).
Enable adoption of Venafi automation - Provisioning, Enrollment, Monitoring. Support users of company Venafi Trust Protection Platform (Venafi TPP). PKI certificate management training for TPP users.
Provide consulting to business users on certificate renewals (binding), CSR's, Venafi Certificate management levels, encryption type/strength, etc.
Organize Venafi TPP user and administrative documentation for company implementation.
HSM Engineering and Administration of Encryption and Key Management Services and infrastructure.
HSM's - configure, deploy, and maintain Hardware Security Modules (HSM's) for highest level of private key protection and security. Utilizing MofN design, operation, logging and audit compliance. Generate, maintain, and destroy cryptographic keys of various lengths and types using HSM.
CA - Certificate Authorities - Maintain Windows Server 2016, 2012 ADCS, CA Templates, Issuing CA's, etc.
CRL Management and automation with OCSP responders.
Process management/implementation for PKI, Cryptography, and Hardware Security Modules (HSM).
Liaising with technology teams ServiceNow admins, Network, Sys Admins, Cyber, IAM, GRC, Audit.
Qualifications Education: Bachelor's Degree (required). Master's preferred.
5-10 years of experience in IT monitoring, implementing, and integrating IT security systems.
5+ years of PKI operation; Certificate Management, Venfi CLM, HSM's, CRL, OCSP responders, etc.
3+ years Venafi Engineering, Implementation, administration (19.x, 18.x) - policy Folder Design, Deployments, Upgrades, Scanning, Agent tuning,
SSL certificate automation Provisioning, Enrollment, Monitoring using Venafi.
Venafi Certified Administrator (VSA) or Venafi Security Professional (VSP)
HSM experience with (Gemalto, Thales, nCipher, Luna or similar HSM). Understands MofN operation.
Strong working experience with PKI infrastructure (Certificate Authorities (Root / Issuing), Registration Authority, Certificate trust chains and Certificate Revocation Lists).
Fluent with the following protocols: TCP/IP, SSL, TLS, SCP and HTTPS.
SSL Certificates and deployment, maintenance, renewal of certificates from web/app/proxy.
Background in Systems Administration of Windows ADCS, Linux, VM, Application and database servers.
Experience with Microsoft Active Directory, and LDAP directory integrations a plus.
Scripting and Automation in PowerShell, Perl, bash, ksh or other scripting language strongly preferred.
Strong work ethic. Time management with ability to work with diverse teams and lead meetings.
Demonstrate excellent attitude and communication skills with internal and external customers.
Strong infrastructure design and documentation skills
CISSP or similar certification is a Plus
Location / Logistics: Local Denver resources only. On site only. No remote.
W2 only No sub-contracting. No sponsorship available.