EXPERIENCE AND EDUCATION:
Essential Qualifications/Experience:
· Extensive knowledge of modern communication and Internet Protocol (IP) based networking technologies and systems including security aspects
· 5 years' extensive experience with PKI system development, design and management
· Extensive knowledge of Information security and Cryptography (symmetric and asymmetric encryption, public key infrastructure (PKI) encryption, public key encryption, hash functions, digital signatures, digital certificates)
· Working knowledge of router and switch configuration
· Practical experience in Windows Servers, RHEL and VMware system administration
· Knowledge of the principles of computer and communications security, networking, and vulnerabilities of modern operating systems and applications
· Experience with SQL database administration
· Extensive experience in operating systems backup and restore
· Practical experience in scripting (Python, PowerShell)
· Practical experience in SSL, TLS, and OpenSSL
Desirable Qualifications/Experience:
· VMware (VCA, VCP) and Linux RHEL system administration
· CISCO CCNA
· Microsoft Certified Solution Associate (MCSA)
· Microsoft Certified Solutions Expert (MCSE)
· Experience in development and implementation of computer security policies
DUTIES/ROLE:
· PKI Strategy and Architecture:
✓ Lead the design, implementation, and continuous improvement of enterprise PKI solutions, including Certificate Authorities (CAs), Registration Authorities (RAs), and Hardware Security Modules (HSMs)
✓ Define and enforce PKI security policies, standards, and best practices to align with NATO policy and industry requirements
✓ Develop a strategic roadmap for PKI evolution, including cloud-based cryptographic services and post-quantum cryptography readiness
✓ Proven ability to define and execute PKI strategies at an enterprise level
✓ Strong analytical and problem-solving skills with a risk-based approach to security
✓ Excellent communication skills to engage both technical and executive stakeholders
✓ Experience in mentoring teams and driving security best practices across project teams
· Operational:
✓ Install, configure and maintain the day-to-day NATO-wide PKI systems and components
✓ Install, configure and maintain NATO PKI (NPKI) virtualized infrastructure
✓ Install, configure and maintain NPKI networking components
✓ Install, configure and maintain NPKI hardware infrastructure
✓ Install, configure and maintain NPKI LDAP directory service and support HTTP service
✓ Responsible for Enterprise Mobile Mobility configuration, integration and maintenance
✓ Responsible for LDAP directory service configuration and maintenance
✓ Responsible for Online Certificate Status Protocol (OCSP) and Time Stamp management
✓ Responsible for maintenance of the database dedicated to NPKI
✓ Responsible for Card Management System deployment, integration and day-to-day management
✓ Responsible for Hardware Security Module (HSM) firmware upgrade and management
✓ Responsible for the creation of PKI-related guidance
✓ Certificate Authority log analysis (troubleshoot system alarms/errors and monitor user activity)
✓ Support the Smart Card enrolment and certificate creation process
✓ Maintain the day-to-day operations/management/backup/restore of the PKI systems
✓ Provide technical support and assistance to ITM Operating Authorities and NPKI-Mitigation project team
✓ Provide 2nd and 3rd level technical support of CIS services to the NPKI customers
✓ Design new PKI components
✓ Responsible for the creation and maintenance of Standard Operating Procedures within the NPKI as part of modifications or additions to current capabilities
✓ Document all new PKI services
✓ Installation and maintenance of NPKI components
✓ Be flexible to work outside normal office hours in response to crises or operational requirements