
Principal Security Architect, PKI, Dallas

Dallas, TX · Information Technology

Principal Security Architect, PKI

  • As a PKI Security Architect in the Cybersecurity Architecture Center of Excellence, your responsibilities include a comprehensive review of the existing public key infrastructure for on-premises, client, and cloud. You will also influence changes in existing control standards, create new IT security standards that are easily consumed by stakeholders, create specific security patterns & diagrams, and own the PKI security capability 3-year roadmap. This role will be essential as the ambassador for the shift in the technology culture to a Security-First mindset.
  • The primary focus areas for this position are the following:
  • Produce security architecture deliverables as part of initiatives related to public key infrastructure (PKI)
  • Partner with IT teams to design and deliver architectures to enable federated access and single sign on in cloud and hybrid environments.
  • Proactively identify security gaps, propose solutions, and follow through with engineering teams for implementation
  • Inspire team members and more junior staff to contribute new ideas and alternative approaches


  • Create and drive the internal and client PKI security capability roadmap within information technology & the respective IT stakeholders
  • Influence change of control policies with Technology Risk Management & build strong partnerships with IT Architecture & Application Development partners
  • Create IT security standards and drive best-practices which are easily consumed by IT stakeholders
  • Own the enterprise-wide PKI architecture including HSMs – Hardware Security Modules, CAs – Certificate Authorities, CLM – Certificate Lifecycle Management
  • Proactively identify access management gaps and partner with app dev teams for remediation
  • Design processes and workflows for generating, rotating and revoking certificates
  • Identify automation opportunities for certificate lifecycle
  • Act as the domain specialist to help guide and shape how certificate management services are enabled
  • Design new certificate management services, integrations, and technologies
  • Evaluate the existing application security controls, on-premises, and cloud, identify improvements, and build plans into the application security capability roadmap for implementation
  • Mentor junior security architects to enhance their security and architecture skills within the team
  • Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks
  • Create white papers and present at industry conferences to demonstrate thought leadership in the security field
  • Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk; escalate appropriately


  • 5-8 years of related experience
  • Master’s degree preferred
  • Strong Information Security experience, specifically in PKI/Cryptography (on-premises and cloud)
  • Solid working experience with certificate issuance ceremonies
  • In-depth knowledge of Certificate Lifecycle Management including certificate revocation list (CRL) best practices
  • Working experience with 2+ vendors such as: Venafi, HashiCorp, Microsoft, Thales, Gemalto (SafeNet HSM), DigiCert, Hitachi (HiPAM)
  • Experience in SSL certificate management concepts, processes, and solution management
  • Strong experience with Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), CMS Enterprise, Venafi Trust Protection Platform, and Venafi TrustNet software suites
  • Experience in building Certificate Policy (CP) and Certificate Practice Statements (CPS)
  • Experience managing Infrastructure as Code using Ansible, Chef or a similar configuration management tool and source code control systems such as Git, SVN, etc.
  • Experience in AWS/Azure cloud and DevOps including orchestration
  • Solid experience with Python, networking fundamentals, OS (Windows/Linux) security
  • Experience with Information Security frameworks (e.g. ISO 27001 and NIST) & security architecture frameworks
  • Strong technical writing skills to support required documentation
  • Demonstrated ability to collaborate between product management, engineering, and IT teams
  • Has strong communication skills with the ability to present in front of large audiences

ABOUT: Client safeguards the financial markets and helps them run efficiently, in times of prosperity and crisis. We are uniquely positioned at the center of global trading activity, processing over 100 million financial transactions every day, pioneering industry-wide, post-trade solutions and maintaining multiple data and operating centers worldwide. From where we stand, we can anticipate the industry’s needs and we’re working to continually improve the world’s most resilient, secure, and efficient market infrastructure. Our employees are driven to deliver innovative technologies that improve efficiency, lower cost, and bring stability and certainty to the post-trade lifecycle. The company proudly supports Flexible Work Arrangements, favoring openness, and gives people freedom to do their jobs well by encouraging diverse opinions and emphasizing teamwork. When you join our team, you’ll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A career is more than a good way to earn a living. It’s the chance to make a difference at a company that’s truly one of a kind.
