Sr IT Security-Sr IT Security Analyst PKI

  • Full-time
  • Location: India - Hyderabad
  • Company: Mattel Global Business Services

Job Description

Senior IT Security Analyst – PKI 

About the Role 

We are seeking an experienced Senior IT Security Analyst – PKI to join our IT Security Operations team. This role is responsible for designing, administering, and optimizing the organization's Public Key Infrastructure (PKI) and certificate lifecycle management platforms. The ideal candidate will have 7+ years of experience with Microsoft PKI, Keyfactor, Venafi, external Certificate Authorities, and enterprise certificate automation. Experience with Email Security and Web Application Firewall (WAF) technologies is considered a plus. 

Roles and Responsibilities 

Public Key Infrastructure (PKI) 

  • Administer, maintain, and optimize enterprise PKI infrastructure and certificate lifecycle management platforms. 

  • Lead certificate issuance, renewal, revocation, replacement, and automation initiatives. 

  • Design and maintain certificate templates, workflows, reporting, and lifecycle automation. 

  • Manage Microsoft PKI, Certificate Authorities, SCEP services, OCSP, CRLs, and certificate enrollment services. 

  • Integrate PKI platforms with enterprise applications, cloud services, and network infrastructure. 

  • Coordinate with external Certificate Authorities including DigiCert, GlobalSign, and Entrust. 

  • Troubleshoot complex PKI and certificate-related incidents and provide Level 3 support. 

  • Lead certificate governance, compliance, audit readiness, and risk mitigation initiatives. 

  • Develop and maintain technical documentation, SOPs, and operational standards. 

  • Mentor junior engineers and provide technical leadership during projects and incidents. 

Email Security (Good to Have) 

  • Support Check Point Harmony Email & Collaboration and Microsoft Defender for Office 365. 

  • Assist with SPF, DKIM, and DMARC implementation and troubleshooting. 

Web Application Firewall (WAF) (Good to Have) 

  • Support Imperva WAF or similar enterprise WAF platforms. 

  • Assist with application onboarding, policy tuning, and security improvements. 

Skills and Qualifications 

Required: 

  • 7+ years of experience in Information Security, Infrastructure Security, PKI Administration, or Cybersecurity. 

  • Expert knowledge of Microsoft PKI and enterprise certificate lifecycle management. 

  • Hands-on experience with Keyfactor, Venafi, or equivalent certificate lifecycle platforms. 

  • Strong understanding of PKI architecture, cryptography, X.509 certificates, SCEP, OCSP, CRLs, HSMs, and certificate automation. 

  • Experience integrating PKI with Azure, AWS, Microsoft 365, and enterprise applications. 

  • Experience with external Certificate Authorities including DigiCert, GlobalSign, and Entrust. 

  • Strong troubleshooting skills and experience with ServiceNow or similar ITSM tools. 

  • Experience supporting SOX, NIST CSF, PCI DSS, or similar compliance frameworks. 

  • Excellent documentation, communication, and stakeholder management skills. 

  • Ability to work in a 24/7 operational environment. 

Preferred: 

  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or related discipline. 

  • Experience with Email Security technologies such as Check Point Harmony, Proofpoint, Mimecast, or Microsoft Defender. 

  • Experience with Imperva WAF or similar Web Application Firewall technologies. 

  • Experience with Azure Key Vault, AWS Certificate Manager, and cloud PKI solutions. 

  • Experience leading automation and infrastructure improvement initiatives. 

Certifications: 

  • Keyfactor or Venafi Certification (preferred) 

  • Microsoft Certified: Cybersecurity Architect Expert or equivalent 

  • CompTIA Security+ 

  • ISC2 CISSP (preferred) 

Shift Timing: 

Work hours may vary, and the position may require availability during off-business hours as dictated by project needs, system changes, security events, and critical production support. 

By clicking the link above or any third-party link within this posting, you are leaving this site and going to a third-party website where the third-party website's terms and privacy policy apply

Privacy Notice