PKI Architect

Overview

This role is part of the Global Identity and Access Management team and will focus on various PKI Engineering and Operational projects supporting PepsiCo Global Digital Certificate, Cryptography and Encryption needs

This role is a based out of our FLNA HQ Plano.

Responsibilities

Accountabilities:

• Lead the digital certificate services space, a digital form of identification where consumers, businesses and organizations can exchange data securely, using public key infrastructure (PKI), Enterprise Key and Certificate Lifecycle management (EKCM), Hardware Security Modules (HSM) solutions for global PepsiCo.
• Drive technical discussions to understand digital certificate services requirements while partnering with application teams who design and implement solutions.
• Ensure digital certificate services provided align with PepsiCo's security standards and align with industry best practices.
• Manage the engineering and operations teams (people and work) for digital certificate services by mentoring junior members, ensuring SLAs are met, and ensuring tasks are properly completed.
• Manage the certificate services space end-to-end from designing solutions for services for new integrations and patterns, to implementing projects in the certificate services space, and providing sustained support across all products in the certificate services space.
• Drive automation initiatives for certificate services including certificate provisioning and monitoring for digital certificate services by identifying opportunities for enhancements and implementation with no issues.
• Maintain and enhance global solutions for the digital certificate area ensuring high availability and disaster recovery across regions with resiliency including planning and delivering upgrades.
• Provide guidance, educate key stakeholders on certificate life cycle processes and procedures.
• Lead incident management for digital certificate services across the solution stack driving root cause and resolution within service level agreement.

• Engineering and solutioning PKI design and cross functional integrations
• Assisting users on submitting SSL certificate requests
• Working on Incidents, alerts, service requests in ITSM
• Issuing and managing both Internal and external CA certificates using cert management tool
• Assisting users to download the certificate from cert management tool
• Domain management for issuing external (Entrust) SSL certificates.
• Provisioning (pushing SSL certificates into server) of SSL certificates to AWS, Java JKS and Windows servers
• Provide support on installation of SSL certificates in Windows IIS, JAVA JKS, Unix/Linux, Apache, Tomcat, Azure Key vault, AWS ALB/ELB, F5's etc.
• Provide support on generating a CSR or converting certificate formats using open SSL
• Maintaining data and sending follow up emails on certificates expiry, before they get expired, to avoid warnings and outages
• Preparing and presenting weekly and monthly reports on Service requests, Incidents, and alerts
• Follow up with users for closure of pending tickets.
• Providing end to end operational support to internal customers.
• Managing certificate and key ownership data and keeping it up to date
• Working Knowledge of ITSM process (Request management, change management, Incident management) on tools such as SNOW
• Configuring and managing ADCS, CRL and OCSP Services
• Document all key generation and management activities
• Creating and maintaining CPS, architecture, Process and Run book documents
• Communicate progress, findings, and ensure successful handoff of deliverables to program and operational teams
• Provide detailed project Status to stakeholders
• Collect feedback from stakeholders and users of security capabilities and incorporate that feedback into service

• The expected compensation range for this position is between $89,000 - $149,000.
• Location, confirmed job-related skills, experience, and education will be considered in setting actual starting salary. Your recruiter can share more about the specific salary range during the hiring process.
• Bonus based on performance and eligibility target payout is 10% of annual salary paid out annually.
• Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
• In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.

• Bachelor's degree in technology or engineering
• 12 plus years of overall IT and security experience
• 10 plus of experience of PKI, Cryptography/ Encryption technologies and EKCLM
• Proficient in PowerShell scripting, API development and integration
• Good working knowledge of various cloud platforms (Azure, AWS) focused on deployment and integration
• Skilled at collaborating across cross-functional teams and with a multicultural experience
• Teamwork and Leadership/Coaching capabilities

• Good working knowledge of cryptographic and modern auth protocols
• Well versed with Certificate based authentication and device trust
• In depth knowledge of Active Directory Certificate Services (AD CS)
• In depth knowledge of CRL and OCSP and their functionality
• Familiarity with PKI and cryptographic terminology and management
• Knowledge of CLM tool such as Venafi, AppviewX, Keyfactor added advantage
• Hands on experience and Working knowledge of Thales HSM
• Hands on experience and working knowledge of public CA
• Good working knowledge of cloud platforms (Azure and AWS) and SaaS offerings for PKI and EKCLM
• Knowledge of Active Directory domain service
• Knowledge of scripting languages such as PowerShell, API based automation
• Knowledge of ITSM processes like request, incident, change management etc.

• Ability to work as a team player and support cross functional teams
• Results-oriented, able to complete assignments in a timely and accurate manner, and manage multiple priorities
• Adaptable to multi-cultural environment and ways of working across time zones
• Strong oral and written communications skills
• Ability to work within project timelines
• Deliver outcomes with a little supervision, must be a self-starter and self-motivator
• Proactive approach and enthusiasm for problem identification and solving
• Ability to think strategically and suggest creative solutions
• Ability to synthesize complex requirements into simple business practices
• Flexible and able to adapt to changing priorities