KPMG US
Senior Specialist, Identity and Access Management, PKI Engineer
Join to apply for the Senior Specialist, Identity and Access Management, PKI Engineer role at KPMG US.
Responsibilities
- Design, deploy, and manage highly available PKI solutions ensuring secure and resilient operations across the organization, and establish integration of PKI with enterprise applications and systems to ensure secure communication and data protection
- Utilize and manage PKI tools such as Microsoft Active Directory Certificate Services, OpenSSL, HashiCorp Vault, and AWS Certificate Manager for key management and distribution, and configure, deploy, and manage Hardware Security Modules (HSMs) to enhance the security of key storage and operations
- Develop and implement strategies and processes for effective key lifecycle management including creation, distribution, rotation, renewal, and revocation, and integrate PKI with Registration Authorities (RA) and Certificate Authorities (CA) to streamline key issuance and management processes
- Define target state architecture and target operating models for PKI infrastructure, ensuring alignment with organizational security strategies, and collaborate with cross-functional teams to support cryptographic protocols and security initiatives
- Monitor PKI infrastructure for security threats and vulnerabilities, conduct regular assessments and audits to ensure compliance with industry standards, and troubleshoot and resolve PKI-related issues with escalation and SLA adherence
- Document PKI architecture, processes, procedures, and strategic approaches, while creating and maintaining client knowledge articles, PKI Standard Operating Procedures (SOPs), architecture and scripts to ensure smooth operations and quick issue resolution, and develop procedures and documentation for continuous improvement and maintenance activities related to IAM solutions
- Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment
Qualifications
- Minimum three years of recent experience in deploying and managing highly available PKI solutions, including integration of tools such as Microsoft AD Certificate Services, OpenSSL, HashiCorp Vault, AWS Certificate Manager, and others
- Bachelor's degree from an accredited college or university in Computer Science, Engineering, Information Security, or a related field
- Proven ability to define target state architecture and target operating models for PKI infrastructure, and integrate PKI solutions with enterprise applications and systems efficiently
- Strong understanding of key lifecycle management processes including creation, distribution, rotation, renewal, and revocation and familiarity with Hardware Security Modules (HSMs) and integration of PKI components like Registration Authorities (RA) and Certificate Authorities (CA)
- Experience in programming languages such as Java, Python, or C++ is advantageous, and familiarity with cloud-based PKI solutions and their integration
- Prior experience working in environments requiring strict security and compliance standards, familiar with frameworks like NIST and ISO 27001, and knowledge of network security concepts and secure communication protocols
- Ability to travel as needed
- Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity
KPMG LLP and its affiliates and subsidiaries comply with all applicable laws regarding recruitment and hiring. KPMG is an equal opportunity employer.
#J-18808-Ljbffr