Summary: Manage and operate certificate lifecycle processes, integrate and maintain Certificate Management Systems, and support PKI environments across hybrid cloud and on-prem infrastructures. Highlights: 1. Manage and operate certificate lifecycle management processes 2. Extensive experience with certificate-based authentication and PKI systems 3. Proficiency in scripting for certificate workflows and automation Full Time \| Valencia, Spain, Rome, Italy or Remotely (UCT\+1 to UTC\-3\) If you like this offer, please send your CV mentioning the job title to: corporate.sales@united\-its.com Location: Valencia, Spain, Rome, Italy or Remotely (UCT\+1 to UTC\-3\) Teleworking option: **Yes** #### **Required Technical Skills** **SCOPE OF WORK**: * Manage and operate certificate lifecycle management processes, including issuance, renewal, revocation, replacement, auditing, and compliance tracking. * Integrate, configure, and maintain Certificate Management Systems (CMS) and enterprise‑wide enrollment services. * Implement and maintain automation workflows for certificate management using ACME and other certificate automation protocols. * Operate and maintain PKI environments across hybrid cloud and on‑prem infrastructures, including Microsoft CA, EJBCA, and other open‑source or commercial PKI systems. * Manage Hardware Security Modules (HSMs), including key generation, protection, rotation, backup, and secure handling of cryptographic materials. * Support Identity Providers (IdPs) and authentication frameworks, enabling secure integration with SSO, MFA, federation protocols (SAML, OIDC, OAuth2\), and certificate‑based authentication. * Manage and enhance auto‑enrollment mechanisms for certificates on servers, devices, applications, and user endpoints. * Develop automation scripts (PowerShell, Python) for certificate deployment, renewal workflows, system integrations, and reporting. * Support secure onboarding/offboarding of services requiring certificates, ensuring proper identity binding, policy enforcement, and trust‑chain validation. * Understand and manage interactions with public Certification Authorities (CAs), including validation processes (DCV/OV/EV), documentation handling (CSRs, legal/organization proofs), issuance tracking, and compliance with CA/B Forum and vendor requirements. * Assist security operations by providing PKI expertise for incident response, including mis‑issuance, certificate‑related outages, or key compromise scenarios. * Maintain documentation of PKI architectures, baselines, approval workflows, system configurations, key ceremonies, and operational procedures to ensure consistency and business continuity. * Provide support for internal and external audits, including preparation of evidence related to certificate usage, access control, cryptographic operations, and compliance posture. * Contribute to the development of training and awareness materials to strengthen organizational understanding of PKI, secure authentication, and certificate management. The resource **MUST** have the following skills and experience: * Strong understanding and hands‑on experience with federation protocols (SAML, OAuth2, OIDC), SSO models, IdP integrations, and identity brokering. * In‑depth knowledge of Multi‑Factor Authentication (MFA) and certificate‑based authentication workflows, including integration with enterprise identity platforms. * Extensive experience with certificate‑based authentication, encryption, digital signatures, and secure identity binding across enterprise environments. * Solid experience with PKI and certificate management systems such as EJBCA, Microsoft CA, and public Certification Authorities (Entrust, DigiCert, Sectigo), including validation processes (DCV/OV/EV) and associated documentation. * Strong knowledge of certificate lifecycle management, including issuance, renewal, revocation, CRLs/OCSP, enrollment protocols, trust‑chain validation, and policy enforcement. * Practical experience with certificate automation protocols, including ACME and other automated enrollment mechanisms. * Proficiency in scripting and automation (PowerShell, Python, Bash) for certificate workflows, integrations, monitoring, and lifecycle orchestration. * Experience with Hardware Security Modules (HSMs) for secure key generation, lifecycle management, storage, and cryptographic operations. * Familiarity with Zero Trust principles relevant to identity assurance and certificate‑driven access control. * Excellent communication, collaboration, and documentation skills. * Ability to work independently, proactively report progress, and operate with minimal supervision. The resource **SHOULD** have the following skills and experience: * Experience with authentication and authorization processes that integrate certificate‑based access models (e.g., policy‑driven access, EKUs/Key Usage constraints, smartcard/PIV workflows). * Familiarity with credential vaulting or access control tools, such as CyberArk, in contexts where certificates or cryptographic keys are used for authentication. **Soft skills:** * Customer facing experience and oral communication skills * Ability to write documentation \& reports * Creativity/ ability to find innovative solutions * Willingness to learn on the job * Conflict management \& cooperation * Willingness to career growth and attitude **Teleworking Option:** * Yes, fully remote if preferred. **On\-call requirements:** * Required