Lead Engineer - Digital Certificate Technology Services

The opportunity

The Digital Certificates Technology Service (DCTS) team within the Information Security organization at EY is responsible for the engineering, development, and sustainment of digital certificate-based security solutions and encryption technologies that service the global firm.  

The Public Key Infrastructure (PKI) Engineering Lead drives Information Technologies (IT) security and productivity pillars by enabling secure connectivity for technical assets and devices within EY’s global infrastructure through the creation and management of digital certificates.  The role drives complex engineering design, development, and implementation activities to provide full certificate lifecycle management solutions aligned to multiple digital certificate use cases including Transport Layer Security (TLS), Code Signing, Authentication of User and Devices, and Email Encryption. The as deployed services rely on several technologies including, but not limited to, Microsoft’s Public Key Infrastructure (PKI), Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), KeyFactor Command, Venafi Trust Protection Platform, Intune Certificate Connector and JAMF ADCS.

The Engineering Lead will oversee a team of engineering resources and manage all activities to be delivered by this team. The role serves as a bridge between the business, solution architecture design and IT operations stakeholders to ensure sustainment of the deployed services to meet all security, functional, and operational requirements and maintain the highest degree of service uptime as required by the business.

Your key responsibilities

• Primary point of contact for the strategy and best practices in engineering, design execution and aligned management of all complex build activities for specific new or modifications to existing features and functions within the DCT services space.
• Manage the successful technical delivery of projects and services for our customers by working directly with key business stakeholders, executives and project teams. Security engineers are the technical lead on initiatives and as such must drive the vision and alignment of the solution delivery.
• Directs engineering and other technical activities supporting the scalability, supportability, production design, validation testing, release packaging, and release planning to maintain service stability and continuity.   
• Act as a product owner for deployed services to manage the vendor technologies and underlying infrastructure components including development and maintenance of product roadmaps aligned with each service offering.
• Support the definition, design, and deployment of enterprise PKI systems to provide new or enhanced services for the business.
• Maintain existing deployed service components including upgrades, maintenance, and issue resolution.
• Manage the configuration of PKI systems and develop and execute test plans to ensure readiness for production deployment.  
• Create and maintain system documentation.
• Ensure PKI systems align to the security policies, standards, and industry practice.
• Manage direct reports, identifies and recommends hiring and aligns responsibilities and objectives to abilities as well as coach performance to achieve success.

Skills and attributes for success

• Excellent problem-solving skills.
• Strong verbal and written skills to interact with global teams and customers.
• Up to date on current technologies and standards, and maintain awareness of industry trends and threats, focusing on PKI/PKE technologies.
• Solid understanding of IT security principals and secure coding techniques.
• Team leadership and resource management skills.
• Strong experience in Public Key Infrastructure (PKI).
• Experience with CyberArc/Venafi certificate management suite.
• Experience with Codesigning.
• Strong proficiency with Hardware Security Module (HSM) technology (SafeNet/nCipher).
• PowerShell Scripting & general understanding of REST API.
• Experience in cloud solution development with Azure or AWS architectures as it related to PKI management.

To qualify for the role, you must have

• Education
  • Bachelor’s or master’s degree in information assurance, computer science, information systems or related field of study.
• Experience:
  
  • 12+ years of practical experience in the field of IT is required.
  • 8+ years of direct Information Security experience.
  • 6+ years of hands-on PKI engineering experience.