Senior IT Security Engineer / PKI - Build and Improve (f/m/d)

Apply now »

Date: 4 Feb 2025

Location: Prague, CZ

Company: Deutsche Börse Group

Your area of work

 

Secure the future of Deutsche Börse Group by building and maintaining our critical PKI infrastructure. As a key member of the Security IT - Engineering team, you'll be responsible for the design, implementation, and operation of our next-generation PKI solution. This includes ensuring the confidentiality, integrity, and availability of digital certificates and cryptographic keys, enabling secure communication and transactions across the organization. Contribute to a challenging and rewarding environment where your expertise will have a direct impact on the security posture of a leading global organization.

 

Your Responsibilities

 

  • Architect, design, and implement a robust and scalable PKI solution, including certificate authorities, registration authorities, and related components.
  • Manage and maintain the PKI infrastructure, ensuring high availability and performance.
  • Develop and implement policies and procedures for certificate issuance, revocation, and lifecycle management.
  • Troubleshoot and resolve PKI-related issues, ensuring minimal downtime and disruption to business operations.
  • Automate PKI tasks and processes using scripting and automation tools.
  • Collaborate with other security teams to integrate PKI with existing security systems.
  • Maintain comprehensive documentation in line with international Quality Management standards.
  • Conduct regular security assessments and vulnerability scans of the PKI infrastructure.
  • Stay abreast of industry best practices and emerging threats in the PKI landscape.
  • Provide occasional on-call support (rotational basis).

 

Your Profile

 

  • Deep understanding of PKI principles, concepts, and best practices.
  • Extensive experience in designing, implementing, and managing PKI solutions using industry-standard tools and technologies.
  • Experience with Hardware Security Modules (HSMs) and key management best practices.
  • Solid understanding of X.509 certificates, CRLs, and OCSP.
  • Experience with scripting and automation tools (e.g., BASH, Python, PowerShell, Ansible, Terraform).
  • Strong problem-solving skills and an analytical mindset.
  • Excellent communication and collaboration skills.
  • Proficiency in written and spoken English.

 

Nice to have

 

  • Experience in cloud infrastructures.
  • Experience with cloud-based Encryption Keys Management.
  • Experience with certificate lifecycle management tools.
  • Knowledge of IT security standards and frameworks (e.g., ISO 27001, NIST).