
Cybersecurity Expert – Enterprise PAM, PKI
Roche
full-time
Location Type: Hybrid
Location: Petaling Jaya • 🇲🇾 Malaysia
Job Level
Mid-Level, Senior
Tech Stack
Ansible, AWS, Azure, Cloud, Docker, Google Cloud Platform, Jenkins, Kubernetes, Microservices, Python, Terraform, Vault
About the role
- Empower application teams by simplifying access to infrastructure services, with a strong emphasis on certificate lifecycle management and secrets management
- Design and deploy automation scripts and integrations using tools such as PowerShell, Python, Ansible, and YAML to streamline PKI and PAM operations
- Build self-service portals and APIs to facilitate effortless certificate and secret usage, while embedding DevSecOps principles into processes
- Integrate PKI and CLM workflows into CI/CD pipelines and major cloud platforms (AWS, Azure, GCP) to enhance agility and security during application deployments
- Advocate and implement standards like ACME (Automated Certificate Management Environment) or similar for internal certificate issuance
- Enhance and maintain Infrastructure-as-Code (IaC) toolchains and security platforms
- Leverage expertise in DevOps/CI/CD tools (e.g., Jenkins, GitLab, GitHub Actions, Terraform) to strengthen secure development pipelines
- Secure containerized environments (Docker, Kubernetes) and microservices through technologies such as mutual TLS (mTLS)
- Monitor, maintain, and evolve PKI infrastructure, ensuring seamless operation while proactively addressing emerging challenges
- Lead initiatives using tools like Keyfactor and HashiCorp Vault, with additional knowledge in CyberArk and RedHat IDM
- Oversee and improve certificate lifecycle management platforms, including supporting new business use cases and streamlining existing processes
- Develop and automate privileged access controls with tools like HashiCorp Vault and CyberArk to upgrade secure access controls for modern enterprises
- Monitor PKI health, analyze security logs, and respond promptly to incidents and potential threats
- Perform infrastructure maintenance, including patching, upgrades, and routine optimization
- Serve as a Tier 3 technical expert, providing guidance and advanced troubleshooting support for PKI and PAM systems
- Actively mentor teammates and junior engineers, sharing knowledge and fostering a culture of learning and innovation
Requirements
- Solid understanding of enterprise security processes built around ITIL principles
- Proficient in advanced network security concepts, including SSL/TLS protocols, cryptography, key exchanges, cipher suites, and trust validation
- Deep expertise in secure development practices, with knowledge of Zero Trust principles and common web vulnerabilities (OWASP Top Ten)
- Technical IAM experience with robust hands-on skills in debugging and problem-solving across complex security workflows
- Proven ability to balance strong customer focus with a dedication to operational excellence and global collaboration
- Effective communicator who can clearly articulate technical concepts to diverse audiences, including developers, cloud engineers, architects, and business stakeholders
Benefits
- personal expression
- open dialogue
- genuine connections
Applicant Tracking System Keywords
Hard skills
PowerShell, Python, Ansible, YAML, CI/CD, Infrastructure-as-Code, DevSecOps, network security, cryptography, Zero Trust
Soft skills
customer focus, operational excellence, global collaboration, effective communication, mentoring, problem-solving, leadership, innovation, guidance, troubleshooting