Join to apply for the PKI Security Engineer (BHJOB22048_672) role at ITmPowered Consulting
3 months ago Be among the first 25 applicants
Join to apply for the PKI Security Engineer (BHJOB22048_672) role at ITmPowered Consulting
Get AI-powered advice on this job and more exclusive features.
PKI Security Engineer
The PKI Security Engineer will work with the PKI Architect in the design, engineering, implementation, and administration of an enterprise PKI including Venafi TPP CLM platform, Certificate Automation, HSM Hardware Security Modules with MofN design, CA Template Design, and PKI operation aligned to CP/CPS documentation.
Contract to Perm
Denver, Colorado
Posted 3 years ago
PKI Security Engineer
The PKI Security Engineer will work with the PKI Architect in the design, engineering, implementation, and administration of an enterprise PKI including Venafi TPP CLM platform, Certificate Automation, HSM Hardware Security Modules with MofN design, CA Template Design, and PKI operation aligned to CP/CPS documentation.
Primary Responsibilities
Engineering and Administration of Key Vaults, Cryptographic and PKI Services
Venafi Engineering and Administration of Certificate Lifecycle Management Services and infrastructure
Venafi TPP Engineering Policy folder design
Engineering of Venafi Certificate discovery scanning / agent, OS / F5 base-lining and agent tuning.
Certificate ingestion, preliminary association, and migration into end state certificate policy folders and management levels (provisioning, enrollment, monitoring).
Enable adoption of Venafi automation Provisioning, Enrollment, Monitoring. Support users of company Venafi Trust Protection Platform (Venafi TPP). PKI certificate management training for TPP users.
Provide consulting to business users on certificate renewals (binding), CSRs, Venafi Certificate management levels, encryption type/strength, etc.
Organize Venafi TPP user and administrative documentation for company implementation.
HSM Engineering and Administration of Encryption and Key Management Services and infrastructure.
HSMs configure, deploy, and maintain Hardware Security Modules (HSMs) for highest level of private key protection and security. Utilizing MofN design, operation, logging and audit compliance. Generate, maintain, and destroy cryptographic keys of various lengths and types using HSM.
CA Certificate Authorities Maintain Windows Server 2016, 2012 ADCS, CA Templates, Issuing CAs, etc.
CRL Management and automation with OCSP responders.
Process management/implementation for PKI, Cryptography, and Hardware Security Modules (HSM).
Liaising with technology teams ServiceNow admins, Network, Sys Admins, Cyber, IAM, GRC, Audit.
Qualifications
Education: Bachelors Degree (required). Masters preferred.
5-10 years of experience in IT monitoring, implementing, and integrating IT security systems.
5+ years of PKI operation; Certificate Management, Venfi CLM, HSMs, CRL, OCSP responders, etc.
3+ years Venafi Engineering, Implementation, administration (19.x, 18.x) policy Folder Design, Deployments, Upgrades, Scanning, Agent tuning,
SSL certificate automation Provisioning, Enrollment, Monitoring using Venafi.
Venafi Certified Administrator (VSA) or Venafi Security Professional (VSP)
HSM experience with (Gemalto, Thales, nCipher, Luna or similar HSM). Understands MofN operation.
Strong working experience with PKI infrastructure (Certificate Authorities (Root / Issuing), Registration Authority, Certificate trust chains and Certificate Revocation Lists).
Fluent with the following protocols: TCP/IP, SSL, TLS, SCP and HTTPS.
SSL Certificates and deployment, maintenance, renewal of certificates from web/app/proxy.
Background in Systems Administration of Windows ADCS, Linux, VM, Application and database servers.
Experience with Microsoft Active Directory, and LDAP directory integrations a plus.
Scripting and Automation in PowerShell, Perl, bash, ksh or other scripting language strongly preferred.
Strong work ethic. Time management with ability to work with diverse teams and lead meetings.
Demonstrate excellent attitude and communication skills with internal and external customers.
Strong infrastructure design and documentation skills
CISSP or similar certification is a Plus
Location / Logistics:
Local Denver resources only. On site only. No remote.
W2 only No sub-contracting. No sponsorship available.
To apply for this job email your details to Careers@itmpowered.com Seniority level Seniority level Mid-Senior level
Employment type Employment type Contract
Job function Job function Information Technology
Industries Business Consulting and Services
Referrals increase your chances of interviewing at ITmPowered Consulting by 2x
Get notified about new Security Engineer jobs in Denver, CO .
Denver, CO $142,000.00-$160,000.00 10 hours ago
Denver, CO $100,000.00-$160,000.00 3 weeks ago
Denver, CO $142,000.00-$160,000.00 5 months ago
Denver, CO $70,000.00-$96,000.00 2 days ago
Denver, CO $55,000.00-$85,000.00 10 hours ago
Englewood, CO $75,200.00-$120,000.00 3 days ago
Denver, CO $145,000.00-$170,000.00 3 days ago
Denver, CO $145,000.00-$170,000.00 3 weeks ago
Security Engineer - Detection & Response Cybersecurity Engineer I (Clearance Required) Denver, CO $150,000.00-$170,000.00 4 days ago
Cyber Security Engineer I, II, III or Senior Littleton, CO $72,400.00-$103,400.00 1 week ago
Boulder, CO $117,800.00-$207,600.00 1 week ago
Senior Cybersecurity Systems Engineer - Remote Boulder, CO $130,500.00-$171,000.00 1 week ago
Principal Cybersecurity Engineer - Enterprise Security Architect Denver, CO $115,000.00-$160,000.00 3 weeks ago
Denver, CO $100,000.00-$120,000.00 3 weeks ago
Denver, CO $140,000.00-$160,000.00 6 days ago
Greenwood Village, CO $80,300.00-$156,600.00 2 weeks ago
Network Security Firewall Engineer IoT (BHJOB22048_734) Principal Cybersecurity Engineer - Enterprise Security Architect Boulder, CO $164,900.00-$288,000.00 1 week ago
Microsoft 365 Security Engineer with Intune and Purview experience Denver, CO $85,000.00-$110,000.00 2 weeks ago
Were unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr