Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Data Encryption
Good to have skills : Public Key Infrastructure
Minimum 2 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary:
The PKI / Certificate Management Engineer is responsible for managing the full lifecycle of digital certificates, maintaining enterprise PKI infrastructure, ensuring the security and integrity of certificate authorities (CAs), and supporting internal and external stakeholders with certificate issuance, renewal, installation, and compliance. This role ensures uninterrupted cryptographic trust across applications, systems, users, and devices through proactive monitoring, governance, and operational excellence.

Roles & Responsibilities:
-Manage and renew Root CA and Intermediate CA certificates.
-Monitor CA validity periods and ensure timely generation of new certificates before expiry.
-Maintain security, performance, and reliability of Certificate Authorities and associated certificate services.
-Review platform usage statistics and assess capacity/performance impacts monthly.
-Log, validate, approve, or reject new certificate issuance requests.
-Maintain an accurate certificate book of records with owners, expiry dates, and usage.
-Manage the lifecycle for internal (via Certificate Management Tool) and external certificates.
-Use automated certificate discovery to onboard newly detected certificates across the environment.
-Identify certificate owners, applications, and deployment locations for newly discovered certificates.
-Coordinate certificate installation on end-user devices and application servers.
-Support infrastructure, application, and third-party teams with certificate deployment and troubleshooting.
-Provide remediation support for expired, unmanaged, or non-compliant certificates.
-Identify certificates expiring in 30/60/90 days, and notify relevant asset owners.
-Track certificates with insufficient key sizes, weak cipher algorithms, or compliance gaps.
-Follow up with stakeholders to drive timely renewal, replacement, or remediation.
-Maintain guidance material, forms, training content, and job aids to help users obtain and manage certificates.
-Keep updated lists of certificate owners and ensure accountability for certificate assets.
-Support PKI compliance efforts and ensure proper governance processes are followed for certificate management.
-Troubleshoot certificate issues impacting applications, end-user devices, or system services.
-Work with application teams as needed to resolve installation or validation issues.
-Remediate expired, unmanaged, or non-compliant certificates to restore trust in the environment.
-Contribute to continuous improvement of certificate processes and identify systemic issues.


Professional & Technical Skills:
-Must have 2 years experience in PKI Certificate Management and overall 3 years experience required.
-Strong understanding of PKI concepts, certificate authorities, CRLs, OCSP, and certificate chains.
-Knowledge of NDES is an advantage
-Experience with certificate issuance, renewal, deployment, and discovery tools.
-Knowledge of encryption standards, TLS/SSL, key sizes, cipher suites, and compliance requirements.
-Ability to troubleshoot certificate, authentication, and endpoint trust issues.
-Strong documentation, communication, and stakeholder coordination skills.


Additional Information:
- The candidate should have minimum 2 years of experience in Data Encryption.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.