Security Engineer
Listed on 2026-02-07
IT/Tech
Cybersecurity, Systems Engineer
* Must be local to Connecticut. You will be majority remote, but for urgent matters you must be local to CT to come into the office. *
PKI Sr. Security Engineer with expertise in managing digital certificates. Prepares plans, coordinates with others to execute, and personally executes other periodic nightly change requests. During normal work hours and periodic 24x7 on-call rotations, troubleshoots certificate related incidents on a variety of production systems to restore proper operation while meeting established service level agreements. Partners with requestors, UNIX administrators, network administrators, application owners, and external entities to implement certificate solutions that increase reliability and security for enterprise applications.
ESSENTIAL FUNCTIONS
- Architect, deploy, and maintain Microsoft ADCS, including configuration, policy enforcement, and integration with enterprise systems for secure identity and encryption services.
- Expertise in Venafi for certificate lifecycle management and policy enforcement.
- Administer Luna and nCipher Hardware Security Modules (HSMs).
- Develop and enforce certificate policies, standards, and governance frameworks.
- Collaborate with cybersecurity, infrastructure, and application teams to integrate PKI solutions across platforms.
- Provides deep-dive certificate troubleshooting expertise on escalation calls and production support calls.
- Ensure compliance with regulatory and organizational security requirements (e.g., FIPS, NIST).
- Participates in regular key production activities including annual CRL publishing and root key ceremonies.
- Govern DigiCert and Sectigo external Certificate Authorities.
- Assists with product roadmap.
- Reports progress using data-driven metrics.
- Bachelor’s Degree or higher in Information Systems or related field.
- 2+ years of hands-on experience with PKI, such as familiarity with Venafi, Microsoft’s ADCS, Entrust, DigiCert applications, including running expiration reports.
- 4+ years of Linux systems administration including package management.
- 4+ years of scripting experience such as Ansible, bash, PowerShell or Python is preferred.
- Proficient in PKI technologies, including code signing, Certificate Revocation Lists (CRL), Certificate Enrollment Policy/Services (CEP/CES), and Network Device Enrollment Service (NDES).
- Extensive knowledge of SSL/TLS, public/private certificate signatures, cryptographic algorithms, certificate authorities and trust stores.
- Security related industry certification is a plus.
- Working knowledge of TCP/IP networking/routing concepts and familiarity with firewalls, hubs, routers, switches, DNS, gateways and F5 load balancers.
- Proficiency in both UNIX and Windows systems with ability to navigate, search, determine ownership, execute certificate related commands, etc.
- Familiarity with general tools such as Java Keytool, KeyStore Explorer, OpenSSL and PuTTY.
- Experience configuring and troubleshooting web, application, and middleware technologies is a plus.
- Strong organizational skills. Ability to prioritize, plan and perform multiple tasks simultaneously, including tracking the status of multiple certificates without losing focus.
- Able to self-start and work independently in a self-directed manner in complex, dynamic, large scale, multi-platform distributed middleware environments with minimal direction.
- Advanced detail-oriented problem-solving skills and the ability to build relationships and work collaboratively with other departments to resolve complex issues with innovative solutions.
- Demonstrated ability to quickly learn and communicate concepts and ideas effectively both verbally and in writing across all levels of the organization.
- Possesses strong customer service focus with a willingness to accommodate deadlines, including implementing after-hour change requests on a rotational basis.
- Familiarity with healthcare or PBM industry is helpful.