Position Summary
The IT Certificate Administrator is responsible for overseeing the end-to-end lifecycle of internal and external digital certificates. This role ensures secure communication, identity authentication, and data encryption across systems by managing digital certificates and Public Key Infrastructure (PKI). The position plays a key role in maintaining organizational security posture, regulatory compliance, and operational resilience.
Key Responsibilities
Certificate Lifecycle Management
Request, issue, renew, and revoke digital certificates.
Maintain a comprehensive inventory of all certificates in use.
Monitor certificate expiration dates and perform timely renewals.
Security and Compliance
Enforce organizational certificate policies (e.g., key length, algorithm strength, validity periods).
Ensure compliance with relevant standards and regulations (PCI-DSS, HIPAA, ISO 27001).
Detect and mitigate certificate misuse or compromise.
PKI Infrastructure Management
Manage internal and subordinate Certificate Authorities (CAs).
Configure and maintain Online Certificate Status Protocol (OCSP) responders and Certificate Revocation List (CRL) distribution points.
Ensure high availability, scalability, and security of PKI infrastructure.
Incident Response
Lead response to certificate-related incidents (e.g., expiration, compromise).
Revoke and reissue certificates as part of incident containment or remediation.
Collaboration and Support
Collaborate with DevOps, IT, and Application teams to integrate certificates across systems.
Provide guidance on secure certificate configurations and best practices.
Documentation and Reporting
Maintain detailed documentation on certificate procedures, policies, and architecture.
Generate and present reports on certificate usage, compliance, and risk posture.
Automation and Tooling (Preferred)
Deploy and manage certificate automation tools (e.g., Venafi, DigiCert, Sectigo).
Automate certificate discovery, issuance, and renewal processes.
Technical and Behavioral Requirements
Experience
3–5 years of hands-on experience managing digital certificates (internal and external).
2+ years of experience with Certificate Authorities such as DigiCert (preferred), Gandi, or GlobalSign.
Preferably 1–2 years of experience in large-scale environments (e.g., managing >1000 certificates in multinational organizations).
Technical Skills
PKI Fundamentals: X.509 certificates, asymmetric encryption, certificate chains, digital signatures.
Certificate Management Tools: DigiCert, GlobalSign, OpenSSL, HashiCorp Vault, Venafi, Sectigo, Keyfactor.
Encryption/Hashing: RSA, ECC, AES; SHA-2, SHA-3.
Operating Systems: Admin-level knowledge of Windows Server (with AD CS) and Linux/Unix.
Networking & Protocols: SSL/TLS, HTTPS, IPsec, S/MIME, OCSP, CRL, LDAP, DNS.
Scripting & Automation: PowerShell (Windows), Bash (Linux), Python (automation/integration).
Security Tools: Certificate Management Platforms, SIEM (e.g., Splunk, QRadar), Vulnerability Scanners (e.g., Nessus, Qualys).
Cloud & DevOps Integration: Azure Key Vault, AWS Certificate Manager, Google Cloud Certificate Manager; CI/CD pipelines, Kubernetes, Docker.