×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer

PKI Architect – Identity & Access Management

Job in Purchase, Westchester County, New York, 10577, USA
Listing for: PepsiCo
Full Time position
Listed on 2026-02-17
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
  • Engineering
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 93500 - 156450 USD Yearly USD 93500.00 156450.00 YEAR
Job Description & How to Apply Below

Overview

This role sits within Pepsi Co’s Global Identity and Access Management (IAM) team and focuses on PKI engineering and operational initiatives that support the company’s global digital certificate, cryptography, non-human identity (NHI) management, and encryption requirements.

The individual will have end-to-end ownership of enterprise PKI platforms, including Microsoft Active Directory Certificate Services (AD CS), public certificate authorities (such as Digi Cert), and certificate lifecycle management solutions.

This is a hands‑on role responsible for the design, installation, configuration, and ongoing operation of PKI services across global environments. The role supports both strategic engineering initiatives and day‑to‑day PKI operations, serving as the internal subject matter expert for certificate-based trust, automation, and lifecycle management.

This position is based at Pepsi Co’s FLNA headquarters in Plano, TX.

Responsibilities
  • Engineering and solutioning PKI design and cross functional integrations
  • Assisting users on submitting SSL certificate requests
  • Managing and driving NHI discovery and management
  • Working on incidents, alerts, service requests in ITSM
  • Issuing and managing both internal and external CA certificates using cert management tool
  • Assisting users to download the certificate from cert management tool
  • Domain management for issuing external (Entrust) SSL certificates
  • Provisioning SSL certificates to AWS, Java JKS, and Windows servers
  • Providing support on installation of SSL certificates in Windows IIS, JAVA JKS, Unix/Linux, Apache, Tomcat, Azure Key vault, AWS ALB/ELB, F5’s, etc.
  • Providing support on generating a CSR or converting certificate formats using OpenSSL
  • Maintaining data and sending follow‑up emails on certificates expiry to avoid warnings and outages
  • Preparing and presenting weekly and monthly reports on service requests, incidents, and alerts
  • Follow up with users for closure of pending tickets
  • Providing end‑to‑end operational support to internal customers
  • Managing certificate and key ownership data and keeping it up to date
  • Working knowledge of ITSM process (request management, change management, incident management) on tools such as SNOW
  • Configuring and managing ADCS, CRL, and OCSP services
  • Documenting key generation and management activities
  • Creating and maintaining CPS, architecture, process, and run‑book documents
  • Communicating progress, findings, and ensuring successful handoff of deliverables to program and operational teams
  • Providing detailed project status to stakeholders
  • Collecting feedback from stakeholders and users of security capabilities and incorporating it into service
Compensation and Benefits
  • Salary range $93,500 – $156,450 (location, skills, experience, and education considered)
  • Bonus based on performance: 10% of annual salary paid annually
  • Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement
  • Comprehensive benefits package: medical, dental, vision, disability, health, dependent care reimbursement, EAP, accident, group legal, life insurance, defined contribution retirement plan
Qualifications

Minimum Qualifications
  • Bachelor’s degree in technology or engineering
  • 12+ years overall IT and security experience
  • 10+ years PKI, cryptography/encryption technologies, NHI management, EKCLM experience
  • Proficient in Power Shell scripting, API development and integration
  • Good working knowledge of cloud platforms (Azure, AWS) focused on deployment and integration
  • Skilled at collaborating across cross‑functional teams with a multicultural experience
  • Teamwork and leadership/coaching capabilities
Mandatory Technical Skills
  • Good knowledge of cryptographic and modern auth protocols
  • Experienced with certificate-based authentication and device trust
  • In‑depth knowledge of AD CS, CRL, and OCSP
  • Familiarity with PKI terminology and management
  • Knowledge of CLM tools such as Venafi, AppViewX, Keyfactor (advantage)
  • Hands‑on experience with Thales HSM
  • Hands‑on experience with public CA
  • Knowledge of Azure and AWS cloud PKI and EKCLM SaaS offerings
  • Knowledge of Active Directory domain services
  • Knowledge of scripting languages:
    Power Shell, API-based automation
  • Kno…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search