SAS

Welcome page

PKI Engineer

Job Locations IN-Pune
Requisition ID
20069870
Job Category
Information Technology
Travel Requirements
None

Job Description

We’re looking for an experienced PKI Engineer who is responsible for the engineering, operation, and continuous improvement of SAS’s Public Key Infrastructure (PKI) services. You will be responsible for the day-to-day reliability, security, and automation of certificate lifecycle services that support internal and external platforms, applications, devices, and integrations. 

This position works closely with Identity, Infrastructure, Operations, Application, and Hosting teams to ensure secure machine identity, encryption, and trust across on-premises and cloud environments, while operating within established enterprise architectures and security standards.

 

Primary Responsibilities

  • Engineer, operate, and maintain ownership and usage of public, trusted certificate services.  
  • Engineer, operate, and maintain private enterprise PKI services, including Issuing CAs, certificate templates, enrollment services, CRLs, and OCSP responders 
  • Perform certificate lifecycle management activities: issuance, renewal, revocation, expiration monitoring, and troubleshooting across both public and private services.  
  • Support certificate-based authentication for usersservers, applications, APIs, services, and devices 
  • Identify & Educate the stakeholders with appropriate certificate requirements 
  • Ensure high availability, backup, and recovery for PKI components. 
  • Implement and maintain certificate automation using approved tools, platforms and common standards (e.g., ServiceNow, DigiCert, ACME) 
  • Develop and maintain automation standards regarding integrations to reduce manual certificate operations 
  • Partner with DevOps and Platform teams to integrate PKI into CI/CD pipelines and infrastructure workflows 
  • Provide consistent direction and drive accountability to align with the SAS PKI program.  
  • Apply approved PKI security standards, CA hardening standards, and access controls 
  • Support compliance with SAS security standards, NIST guidance, applicable regulatory requirements, and evolving standards (post-quantum crypto – PQC) 
  • Participate in audits, risk reviews, and incident response activities related to PKI services 
  • Assist with certificate-related security investigations and root cause analysis.  
  • Act as a PKI subject matter contributor for internal teams consuming certificate services 
  • Provide Tier II / Tier III support for PKI related issues 
  • Create and maintain operational documentation, scripts, runbooks, and procedures 
  • Participate in on‑call rotation for PKI services (as required) 

 

 

Requirements

(Explain the technical areas/skills required for hiring)

Essential

  • You’re curious, passionate, authentic, and accountable. These are our values and influence everything we do.
  • 5+ years of experience in PKI, security engineering, or infrastructure security. 
  • Handson experience with Microsoft Active Directory Certificate Services (AD CS), step-ca, Venafi, Key factor, DigiCert.  
  • Working knowledge of X.509 certificates, TLS/SSL, RSA/ECC, CRLs, OCSP. 
  • Experience administering Windows & Linux Servers.
  • Scripting experience (shell/bash, Python, PowerShell).  
  • Ability to work with regular overlaps into EMEA business hours to support cross-region collaboration and knowledge transfer.

 

  • Demonstrated ability to develop others through mentoring, training, and documentation; experience enabling analyst or operations teams to support engineering outcomes. 

 

Additional

  • Ability to prioritize and deliver multiple initiatives simultaneously.
  • Strong customer service mindset with a focus on business outcomes.
  • Proven ability to lead technical discussions and stakeholder meetings.
  • Strong analytical & problem-solving skills.

Preferences

  • Experience with Certificate Management Platforms (Venafi, Key factor, DigiCert) 
  • Exposure to cloud PKI integrations (Azure, AWS, or GCP) 
  • Familiarity with automation, DevOps, or CI/CD environments 
  • Security or infrastructure certifications (e.g., Security+, vendor PKI training) 
  • Experience with technical document creation. 

 

Mandatory Technical Skills

  • PKI Engineering & Operations

 

Total Years of Relevant Experience

  • 5+ years of experience in PKI, Security Engineering, or Infrastructure Security 

 

Education Preference

Bachelor's / master’s degree in computer science, Engineering, or a related quantitative field

Equivalent combination of related education, training and experience may be considered in place of the above qualifications.  

 

 

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed