Security Architect (PKI/Key Management) - Hybrid in Dallas, TX OR Tampa, FL (Direct-hire/FTE)
Optomi, in partnership with a client in the financial services space, is looking to add a Security Architect to their growing team! The Security Architect over PKI & Secrets Security is responsible for a comprehensive review of the existing public key infrastructure and secrets management capabilities across on-premises, client, and cloud environments. The PKI Security Architect will inspire changes in existing control standards, create new IT security standards that are easily consumed by stakeholders, build specific security patterns & diagrams, and own the roadmap.
This role is looking for someone who is comfortable working in a hybrid setting with 2-3 days per week in office.
Responsibilities:
- Create and drive the internal and client PKI security and secrets management capability roadmap within IT
- Inspire change of control policies with IT Risk Management
- Create IT security standards and drive best-practices
- Own the enterprise-wide PKI architecture, including Hardware Security Modules (HSMs), Certificate Authorities (CAs), and Certificate Lifecycle Management (CLM).
- Proactively identify access management gaps and partner with app dev teams for remediation
- Design processes and workflows for generating, rotating, and revoking certificates.
- Identify automation opportunities for the certificate lifecycle.
- Act as the domain specialist to help guide and craft how certificate management services are enabled.
- Design new certificate management services, integrations, and technologies.
- Mentor junior security architects to improve their security and architecture skills within the team.
- Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.
- Align risk and control processes into day-to-day responsibilities to supervise and mitigate risk; call out issues appropriately.
Qualifications:
- MAIN: Experience with KeyVault, IAM, secrets management, SSL certificate management concepts, processes, and solution management, plus experience in building Certificate Policy (CP) and Certificate Practice Statements (CPS).
- Bachelor's degree and/or equivalent experience
- Minimum of 8 years of related experience
- Strong Information Security experience, specifically in PKI/Cryptography (on premise and cloud) & Secrets management.
- In-depth knowledge of Certificate Lifecycle Management, including certificate revocation list (CRL) standard processes.
- Hands-on experience with 2+ vendors such as: Venafi, HashiCorp, Microsoft, Thales, Gemalto (SafeNet HSM), DigiCert, Hitachi (HiPAM).
- Expertise with Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), CMS Enterprise, Venafi Trust Protection Platform, and Venafi TrustNet software suites.
- Experience with Information Security frameworks (e.g. ISO 27001 and NIST) & security architecture frameworks.
- Deep technical writing skills to support required documentation.
- Demonstrated ability to collaborate between product management, engineering, risk, and IT teams.
- Has good communication skills with the ability to communicate in front of a large audience.