Senior PKI/Venafi Architect
Qode
Full-time
Work From Home
United States
IT
Description
Job Title: Senior PKI/Venafi Architect
Location: Remote
Employment Type: Full-Time
Experience Level: 12+ Years
Job Summary:
We are seeking a highly experienced and strategic Senior PKI/Venafi Architect with deep expertise in Venafi, PKI-DSS architecture, cryptography mechanisms, and cloud environments. This is a critical, greenfield opportunity to lead end-to-end discovery, design, implementation, and support of enterprise-grade PKI and certificate lifecycle management solutions. Ideal candidates will have a strong architectural background and proven success in delivering secure, scalable, and compliant cryptographic infrastructures across hybrid cloud environments.
Key Responsibilities:
- Lead the architecture, engineering, and integration of Public Key Infrastructure (PKI) and certificate management systems using Venafi Trust Protection Platform.
- Drive all phases of the project lifecycle: discovery, design, implementation, support, and optimization.
- Develop enterprise PKI-DSS (Public Key Infrastructure – Data Security Standards) aligned with compliance, audit, and security frameworks.
- Architect secure, scalable cryptographic solutions involving digital certificates, TLS/SSL, key management, encryption mechanisms, and secure protocols.
- Oversee integration of PKI and cryptographic services with cloud platforms (AWS, Azure, GCP) and DevSecOps toolchains.
- Define and enforce policies for certificate lifecycle management, including issuance, renewal, rotation, and revocation.
- Partner with security, infrastructure, and application teams to ensure secure adoption of cryptographic services.
- Evaluate emerging technologies, contribute to security roadmap, and continuously improve cryptographic posture.
Required Qualifications:
- 12+ years of experience in Information Security Architecture, with at least 5 years specializing in PKI, certificate management, and cryptography.
- Hands-on experience with Venafi Trust Protection Platform – policy configuration, workflow setup, agent integrations, etc.
- Strong understanding of PKI architecture, CA hierarchy, HSMs, OCSP, CRLs, and key protection mechanisms.
- Deep knowledge of cryptographic standards (RSA, ECC, AES, SHA, TLS/SSL, etc.) and security protocols.
- Experience in deploying PKI/certificate solutions in cloud (AWS, Azure, GCP) and hybrid environments.
- Proven track record of working as an Architect, leading security design sessions, risk assessments, and solution implementations.
- Strong scripting or automation skills (e.g., PowerShell, Python, REST APIs) for certificate lifecycle automation.
- Familiarity with security frameworks like NIST, ISO 27001, PCI-DSS, and regulatory compliance.
Preferred Qualifications:
- Venafi or other relevant certifications.
- Experience with HSMs (Thales, SafeNet, AWS CloudHSM).