Behavioral Threat Manager, Corporate Security
Bank of America
Principal Cybersecurity Lead – PKI Strategy
AT&T
full-time
Posted on:
Location Type: Office
Location: Charlotte • New Jersey, North Carolina, Texas • 🇺🇸 United States
Visit company websiteSalary
💰 $141,300 - $237,400 per year
Job Level
Senior
Tech Stack
AnsibleAWSAzureCloudCyber SecurityPythonTerraform
About the role
- Design, engineer, and maintain a scalable, secure, and compliant Public Key Infrastructure (PKI) environment.
- Protect sensitive data, enable secure authentication, and support enterprise-wide encryption initiatives.
- Design and lead implementation of scalable PKI architectures, including root, intermediate, and issuing CA hierarchies.
- Define and maintain Certificate Practice Statements (CPS) and ensure alignment with enterprise security policies.
- Oversee certificate issuance, renewal, revocation, and automation across public and private environments; integrate with DigiCert, KeyFactor, and internal tools.
- Ensure compliance with NIST, FIPS 140-2, ISO 27001, and internal standards; lead cryptographic agility and post-quantum readiness efforts.
- Automate PKI operations using Python, PowerShell, Bash, Ansible, and Terraform; integrate PKI with CI/CD pipelines and DevSecOps workflows.
- Architect PKI solutions for hybrid and multi-cloud environments (AWS, Azure, Akamai, F5); enable secure identity integration with IAM, SSO, and MFA systems.
Requirements
- 8+ years of experience in PKI, cryptography, and cybersecurity architecture.
- Deep knowledge of X.509, CRLs, OCSP, CA hierarchies, and trust models.
- Strong scripting and automation skills (Python, PowerShell, Bash).
- Experience with certificate management platforms and cloud-native security (DigiCert, KeyFactor, internal tools).
- Experience architecting PKI solutions for hybrid and multi-cloud environments (AWS, Azure, Akamai, F5).
- Ensure compliance with NIST, FIPS 140-2, ISO 27001, and internal standards.
- Lead cryptographic agility efforts, including readiness for post-quantum cryptography.
- Automate PKI operations using Ansible and Terraform and integrate with CI/CD and DevSecOps workflows.
- Proven ability to lead enterprise-scale security programs and influence policy.
- Preferred Certifications: CISSP, CISM, Microsoft Azure Security Engineer Associate (AZ-500), AWS Certified Security – Specialty, DigiCert Digital Trust Solutions Engineer or equivalent PKI certification.
- This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered.
Benefits
- Medical/Dental/Vision coverage
- 401(k) plan
- Tuition reimbursement program
- Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
- Paid Parental Leave
- Paid Caregiver Leave
- Additional sick leave beyond what state and local law require may be available but is unprotected.
- Adoption Reimbursement
- Disability Benefits (short term and long term)
- Life and Accidental Death Insurance
- Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
- Employee Assistance Programs (EAP)
- Extensive employee wellness programs
- Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
Public Key Infrastructure (PKI)cryptographycybersecurity architectureX.509CRLsOCSPscriptingautomationcertificate managementcloud-native security
Soft skills
leadershipinfluence policy
Certifications
CISSPCISMMicrosoft Azure Security Engineer Associate (AZ-500)AWS Certified Security – SpecialtyDigiCert Digital Trust Solutions Engineer