Position
At the heart of our digital security is the trust we build through encrypted communication. As a PKI Engineer, you will join our Identity and Access Management (IAM) team to help manage the core certificate infrastructure. You’ll be instrumental in ensuring that our digital certificates are issued, tracked, and renewed without a hitch.
This is a growth-oriented role where you will learn to navigate complex security infrastructures while contributing to the automation of high-volume security tasks.
Responsibilities
- Assist in the day-to-day administration of Microsoft Active Directory Certificate Services (AD CS), including template management and troubleshooting.
- Leverage Keyfactor Command to monitor certificate health, identify expiring assets, and assist in the cleanup of "rogue" or unknown certificates.
- Support the deployment and troubleshooting of ACME clients for automated certificate issuance across our web server environment.
- Participate in the automation of routine certificate tasks using version control systems and scripting (PowerShell or Python) as required.
- Document PKI processes and maintain the Certificate Policy/Certification Practice Statement (CP/CPS) records.
- Collaborate with senior engineers to orchestrate certificate distribution to load balancers, firewalls, and application servers.
Impact and Strategy
- Contributes to projects or workgroups by providing well-analyzed requirements and supporting the design of solutions that align with business objectives within their specified area.
- Demonstrates growing autonomy and expertise within their specific domain by translating requirements into a strategic plan with supervision, and may identify opportunities for minor process improvements within their immediate scope.
Complexity
- Works on a product or in larger contexts, handling requirements and analysis for specific features or components.
- Can navigate moderate levels of complexity in requirements and stakeholder landscapes.
- Begins to understand sources of influence and analyze business problems or opportunities within this product context, starting to map basic interconnections.
Business and Technical Ability
- Possesses a working knowledge of the relevant business domain and supporting technologies.
- Understands sources of influence, comprehending internal and external factors affecting the problem space, and is capable of identifying and analyzing basic business problems or opportunities holistically.
Qualifications
Education and Experience
- 3–5 years of experience in IT infrastructure, security, or a systems administration role.
- Associate’s degree or Bachelor’s Degree in Computer Science, Cyber Security, or equivalent practical experience.
- Experience conducting stakeholder interviews, synthesizing requirements, and mapping/analyzing current processes.
Technical Skills
- Solid understanding of cryptography basics (Symmetric vs. Asymmetric, Hashing, Digital Signatures).
- Experience with Windows Server and Active Directory; exposure to web servers such as IIS, Apache, or Nginx.
- Comfortable using Git for basic file management and collaboration.
- Knowledge of the ACME protocol or experience using tools like Certbot.
- Familiarity with PowerShell or Python for automating repetitive tasks.
- Desire to obtain certifications such as CompTIA Security+ or Microsoft Identity and Access Administrator (SC-300).
- Understanding of Zero Trust principles, authentication factors and cryptography.
- Strong communication skills to convey technical concepts to diverse audiences and demonstrated success working collaboratively in Agile environments, contributing to cross‑functional teams.
- Experience with version control systems (Git) and CI/CD pipelines for secure code deployment; optional scripting expertise with Curl, Python, Bash, or PowerShell.
- Strong debugging and problem‑solving skills.
Additional Qualifications
- A mindset of continuous improvement with a proactive approach to identifying solution‑level issues, gaps, or inefficiencies.
- Strong analytical and logical reasoning skills to identify discrepancies, challenge assumptions, and confidently present solutions.
Roche is an Equal Opportunity Employer.