PKI & Codesigning Engineer (5-10 yrs)

Role : PKI & Codesigning

Roles and Responsibilities :

1. Collaborate with internal and external stakeholders to include, but not limited to, Legal, Teammate Relations (Human Resources), Corporate Security, Incident Response, and Security Operations.

2. Drive the development of PKI solutions to meet security and business requirements

3. Relying on extensive understanding of Truist and other financial institution process, procedures, and business function in the investigation of alerts related to Teammate activity.

4. Partner with architecture teams to understand security and business implications of PKI strategy

5. Utilize approved information security data loss prevention tools and methods to collect and analyze data being monitored as it leaves the Truist environment.

6. Review alerted events and research the details associated with the event to determine the reason for the alert and decide whether a potential information security policy violation has occurred and escalate to the appropriate organization for review and remediation.

7. Develop and deploy solutions to ensure Digital Credential Services are performing according to specifications, meet defined procedures, and comply with applicable information security policies and requirement

8 . Provide instruction of proper data handling procedures and activities with Teammates and leadership.

9. Work closely with the Truist Corporate Investigations and DCISO Shared Services teams in the identification, collection, and analysis of data.

- The PKI Engineer will be part of Global Certificate Authority (CA) team responsible for ensuring that all communications between servers & devices/applications/systems are secure

- This includes implementing/enhancing/sustaining the services with an understanding of the infrastructure (hardware, software (CA, HSM), design/architecture, data centers, networks, ports, and load balancers), and how all the components interact together

- This role will design, configure, implement, report on, sustain, resolve complex issues, govern, and enhance CA/PKI, HSM, and the Certificate Services

- The position will be responsible for the certificate authority (CA) that both issues and verifies the digital certificates

- The role will also be responsible for day-to-day sustainment, maintenance, enhancement, governance, and reporting of CA/PKI/HSM environments including on-call sustainment globally

- Code signing knowledge in terms of L3 level hands-on experience in development, very technical role working with developers to bake in code signing into SDLCs.

- Proficiency with Linux/Unix and Windows, especially for managing cryptographic systems

- Incident response Knowledge of how to handle breaches or compromise related to cryptographic assets

- Handon experience with OpenSSL is Plus and Good understand of Python and System programming is must.

- Verifying Software Origin, ensuring Code Integrity, enhancing User Experience and Trust and applications of Code Signing like software Distribution, Updates and Patches, Device Drivers, Mobile Applications

- The role will partner with application and system teams to on-board new entities with certificates and sustain existing implementations

- Upgrading and deploying to all environments

- Analyzing all aspects of the existing infrastructure and provide recommendations to enhance system reliability, availability, serviceability, and scalability

Mandatory skills : Code Signing