PKI/HSM Device Specialist – SC Cleared
Ref: BBBH62952_1738862707
Whitehall Resources currently require an experienced PKI/HSM Device Specialist – SC Cleared to work with a key client.
**Candidates must work via an Umbrella Company**
Job Description:
PKI Certificate Management & HSM Specialist with Technical Proficiency in:
* PKI concepts, including certificate authorities (CAs), certificate lifecycle management (issuance, renewal, revocation), and cryptographic standards (e.g., X.509). Experience with PKI software and tools (e.g., Microsoft CA, OpenSSL, Entrust, DigiCert).
HSM Expertise:
* Comprehensive knowledge of HSMs, including setup, configuration, and management.
* Familiarity with HSM brands and models (e.g., Thales, Gemalto, Utimaco), and understanding of their integration with PKI systems.
* Skills in managing HSM keys and ensuring their secure generation, storage, and use.
Security and Compliance:
* Strong grasp of information security principles and practices, particularly in cryptography and data protection.
* Awareness of regulatory and compliance requirements (e.g., GDPR, HIPAA, PCI-DSS) related to PKI and HSM.
* Ability to conduct security audits and risk assessments related to PKI and HSM implementations.
* Proficiency in network protocols and services related to PKI, such as TLS/SSL, LDAP, and DNS.
* Experience with deploying and integrating PKI across various platforms and environments, including cloud services (e.g., AWS, Azure) and on-premises infrastructure.
Problem-Solving and Analytical Skills:
* Strong troubleshooting skills to diagnose and resolve issues related to PKI and HSM.
* Analytical skills to design secure and efficient PKI architectures and to optimize the performance and reliability of HSM devices.
Scripting and Automation:
* Ability to write and maintain scripts (e.g., PowerShell, Python) for automating PKI and HSM management tasks.
* Knowledge of automation tools and frameworks to streamline certificate management processes.
Planning and Preparation:
* Define the scope and requirements of the PKI deployment, including the types of certificates needed (e.g., SSL/TLS, email, user authentication) and the intended use cases.
* Design the PKI architecture, including the hierarchy of Certificate Authorities (CAs) (e.g., Root CA, Intermediate CAs) and their roles.
* Prepare the necessary hardware and software, ensuring compliance with security best practices and organizational policies.
Setup of Certificate Authorities (CAs):
* Install and configure the Root CA, which will serve as the trust anchor for the PKI hierarchy. Secure it in an offline mode to protect its private key.
* Create and configure one or more Intermediate CAs to issue certificates to end entities (users, devices, servers). These CAs can be online to facilitate certificate issuance and management.
* Configure CA policies, including certificate issuance, revocation, and renewal policies, to align with organizational requirements and security standards.
Certificate Templates and Enrolment:
* Define certificate templates that specify the attributes and constraints of the certificates to be issued (e.g., validity period, key usage).
* Set up an enrolment mechanism for end users and devices to request and obtain certificates. This can include web-based enrolment portals, automated enrolment using tools like SCEP or ACME, or manual processes.
Deployment and Distribution:
* Deploy the necessary software (e.g., agents or clients) on end-user devices and servers to facilitate certificate enrolment, installation, and management.
* Distribute and install the Root CA and Intermediate CA certificates to all trust stores within the organization to ensure that issued certificates are trusted by all systems.
Ongoing Management and Maintenance:
* Monitor the PKI environment continuously for any signs of compromise or misconfiguration. Regularly audit and review the PKI processes and policies.
* Manage certificate lifecycles by handling renewals, revocations, and reissuances as needed. Ensure that certificate status information is readily available through mechanisms like Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP).
* Provide training and support to SOC staff to ensure proper use and management of PKI certificates and related tools.
All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.
Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.