Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Data Encryption, Public Key Infrastructure
Good to have skills : NA
Minimum 2 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary:
As a Security PKI Analyst, you are responsible for the operational support, administration, and continuous improvement of Public Key Infrastructure (PKI) services, including certificate lifecycle management, code signing infrastructure, and HSM operations. The role supports enterprise scale PKI environments within a managed services delivery model, ensuring service stability, security, and operational efficiency.

Roles & Responsibilities:
- Expected to be an SME, collaborate and manage the team to perform.
- Provide L2/L3 operational support for enterprise PKI services, including certificate issuance, renewal, revocation, validation, and troubleshooting across standard and secure environments.
- Operate and support Certificate Authorities (Root/Issuing), CRL/OCSP services, and code signing infrastructure, ensuring service availability, integrity, and compliance.
- Support HSM backed PKI and code signing environments, performing operational activities under dual control and segregation of duties, while excluding key ownership and custodianship.
- Manage PKI incidents, service requests, and minor changes in line with defined SLAs, including participation in on call support for P1/P2 incidents and major incident handling.
- Perform root cause analysis (RCA) for recurring PKI issues and implement corrective and preventive actions to reduce incidents and service disruption.
- Monitor PKI health and performance, including CA services, certificate chains, CRL/OCSP availability, and certificate related alerts using enterprise monitoring tools.
- Identify and implement automation and scripting opportunities (PowerShell / Python) to reduce manual PKI operations, improve turnaround time, and enhance operational efficiency.
- Contribute to Continuous Service Improvement (CSI) by analyzing ticket trends, operational metrics, and process gaps, and maintaining updated runbooks, SOPs, and knowledge articles.
- Support audit, compliance, and security activities by providing operational evidence, participating in reviews, and ensuring adherence to security and regulatory standards.
- Collaborate with application, infrastructure, and security teams to resolve PKI related issues, support application onboarding, and ensure smooth service delivery.
- Support BCDR and resilience activities, including certificate readiness validation and operational support during planned drills.


Professional & Technical Skills:
- Must To Have Skills: Proficiency in Data Encryption.
- Strong experience with Enterprise PKI, preferably Microsoft AD CS
- Hands on knowledge of:
- Certificate Authorities (Root, Issuing)
- TLS/SSL, X.509 certificates
- CRL, OCSP, certificate chains
- Experience supporting code signing infrastructure
- Working knowledge of HSMs (e.g., Thales, Entrust, or equivalent)
- Scripting experience using PowerShell and/or Python
- Familiarity with monitoring tools (e.g., Splunk or equivalent)

Additional Information:
- The candidate should have minimum 8 years of experience in Data Encryption.
- PKI / AD CS
- Cryptography or HSM related certifications
- A 15 years full time education is required.