OverviewThis role is responsible for owning all certificate authority (CA) lifecycle processes to create and manage the Aretiico Root and Issuing CAs; end entity certificates issued directly from these CAs; and the hardware security modules (HSMs) used to protect the private keys of these CAs.Key objectivesGather and understand requirements impacting the Aretiico Public Key Infrastructure.Document compliance with controls against those requirements.Perform key ceremonies to create and manage the Aretiico Root and Issuing CAs.Manage the HSM lifecycle.Ensure that the PKI ecosystem stays up to date with ongoing compliance changesHelp develop additional services and integrations (e.g. EST, CMPv2, etc.)Main responsibilitiesUnderstand regulatory and program requirements impacting the Aretiico PKI.Define key ceremony process, procedures, and templates to create and manage Aretiico Root and Issuing CAs.Perform risk assessments as required for major changes to the Aretiico PKI based on an industry standard (i.e., ISO 27005).Install, configure, and maintain the CA.Help understand client requirements and where PKI can sit; then help engineer these solutions.Establish and maintain CA system accounts.Configure Certificate profiles or templates and Audit parameters, both for the UK but also for CA’s throughout the world.Participate in Disaster recovery and business continuity procedures.Background / ExperienceExperience of PKI lead or similar type roles.Experience in software development, preferably in Java and Python.In depth experience with key ceremonies.Experience in system development lifecycle and system integration is desirable.Proficiency in cryptography programming, nShield HSM (Hardware Security Module), PKCS#11.Proficient in application development and databases.Education & QualificationsEssentialExperience of PKI lead or similar type roles.Experience in software development, preferably in Java and Python.In depth experience with key ceremonies.Experience in system development lifecycle and system integration is desirable.Proficiency in cryptography programming, nShield HSM (Hardware Security Module), PKCS#11.Proficient in application development and databases.DesirableDegree holder in Computer Science, Computer Engineering, or related disciplines is desirable.Personal SpecificationEssential: Possess expert knowledge, experience, and qualifications necessary for the offered services and appropriate for the job function; demonstrate the ability to perform duties; trustworthy; no other duties that would interfere or conflict with duties for the trusted role; not previously relieved of duties for negligence or non-performance; not been denied security clearance or had a security clearance revoked for cause; not convicted of a felony or serious offense that affects suitability for the position.This is a Trusted Role and therefore the incumbent is required to successfully pass a background screening that covers:EmploymentEducationPlace of residenceReferencesCredit checkAdverse media and sanctions checksThe period of investigation shall cover at least the last three years for each area, except the residence check which shall cover at least the last three years and the employment check may be limited to the period of time the individual has been in the workforce. Regardless of the date of award, the highest educational degree shall be verified. #J-18808-Ljbffr