Full Time | Valencia, Spain, Rome, Italy or Remotely (UTC+1 to UTC-3)
If you like this offer, please send your CV mentioning the job title to: [email protected]
Location: Valencia, Spain, Rome, Italy or Remotely (UTC+1 to UTC-3)
Teleworking option: Yes
SCOPE OF WORK:
- Manage and operate certificate lifecycle management processes, including issuance, renewal, revocation, replacement, auditing, and compliance tracking.
- Integrate, configure, and maintain Certificate Management Systems (CMS) and enterprise‑wide enrollment services.
- Implement and maintain automation workflows for certificate management using ACME and other certificate automation protocols.
- Operate and maintain PKI environments across hybrid cloud and on‑prem infrastructures, including Microsoft CA, EJBCA, and other open‑source or commercial PKI systems.
- Manage Hardware Security Modules (HSMs), including key generation, protection, rotation, backup, and secure handling of cryptographic materials.
- Support Identity Providers (IdPs) and authentication frameworks, enabling secure integration with SSO, MFA, federation protocols (SAML, OIDC, OAuth2), and certificate‑based authentication.
- Manage and enhance auto‑enrollment mechanisms for certificates on servers, devices, applications, and user endpoints.
- Develop automation scripts (PowerShell, Python) for certificate deployment, renewal workflows, system integrations, and reporting.
- Support secure onboarding/offboarding of services requiring certificates, ensuring proper identity binding, policy enforcement, and trust‑chain validation.
- Understand and manage interactions with public Certification Authorities (CAs), including validation processes (DCV/OV/EV), documentation handling (CSRs, legal/organization proofs), issuance tracking, and compliance with CA/B Forum and vendor requirements.
- Assist security operations by providing PKI expertise for incident response, including mis‑issuance, certificate‑related outages, or key compromise scenarios.
- Maintain documentation of PKI architectures, baselines, approval workflows, system configurations, key ceremonies, and operational procedures to ensure consistency and business continuity.
- Provide support for internal and external audits, including preparation of evidence related to certificate usage, access control, cryptographic operations, and compliance posture.
- Contribute to the development of training and awareness materials to strengthen organizational understanding of PKI, secure authentication, and certificate management.
The resource MUST have the following skills and experience:
- Strong understanding and hands‑on experience with federation protocols (SAML, OAuth2, OIDC), SSO models, IdP integrations, and identity brokering.
- In‑depth knowledge of Multi‑Factor Authentication (MFA) and certificate‑based authentication workflows, including integration with enterprise identity platforms.
- Extensive experience with certificate‑based authentication, encryption, digital signatures, and secure identity binding across enterprise environments.
- Solid experience with PKI and certificate management systems such as EJBCA, Microsoft CA, and public Certification Authorities (Entrust, DigiCert, Sectigo), including validation processes (DCV/OV/EV) and associated documentation.
- Strong knowledge of certificate lifecycle management, including issuance, renewal, revocation, CRLs/OCSP, enrollment protocols, trust‑chain validation, and policy enforcement.
- Practical experience with certificate automation protocols, including ACME and other automated enrollment mechanisms.
- Proficiency in scripting and automation (PowerShell, Python, Bash) for certificate workflows, integrations, monitoring, and lifecycle orchestration.
- Experience with Hardware Security Modules (HSMs) for secure key generation, lifecycle management, storage, and cryptographic operations.
- Familiarity with Zero Trust principles relevant to identity assurance and certificate‑driven access control.
- Excellent communication, collaboration, and documentation skills.
- Ability to work independently, proactively report progress, and operate with minimal supervision.
The resource SHOULD have the following skills and experience:
- Experience with authentication and authorization processes that integrate certificate‑based access models (e.g., policy‑driven access, EKUs/Key Usage constraints, smartcard/PIV workflows).
- Familiarity with credential vaulting or access control tools, such as CyberArk, in contexts where certificates or cryptographic keys are used for authentication.
Soft skills:
- Customer-facing experience and oral communication skills
- Ability to write documentation & reports
- Creativity / ability to find innovative solutions
- Willingness to learn on the job
- Conflict management & cooperation
- Attitude and willingness to pursue career growth
Teleworking Option:
- Yes, fully remote if preferred.