Senior PKI Engineer

Job not on LinkedIn

🕒 2 days ago

🤠 Texas – Remote

🤠 Texas – Remote

💵 $92.7k - $185.4k / year

⏰ Full Time

🟠 Senior

👷🏻‍♀️ Engineer

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

CVS Health

WebsiteLinkedInAll Job Openings

10,000+ employees

Founded 1963

⚕️ Healthcare Insurance

🛒 Retail

🧘 Wellness

Healthcare Insurance • Retail • Wellness

CVS Health is a leading American healthcare company dedicated to improving health access and affordability. The company focuses on a comprehensive approach that includes health services, health insurance, and pharmacy benefits management. Through its subsidiaries, such as Aetna and CVS Caremark, CVS Health offers a range of services that facilitate wellness, condition management, and affordable prescription drug coverage. CVS Health operates neighborhood pharmacies, provides mail-order pharmacy services, and manages specialty medication programs, aiming to make healthcare convenient and accessible for everyone. Driven by a mission to connect people with essential care services, CVS Health is committed to fostering healthier communities and supporting the wellbeing of all individuals.

📋 Description

• design, build, and operate the certificate lifecycle management infrastructure that secures one of the largest healthcare enterprises in the United States • Engineer and maintain PowerShell and Python automation for certificate lifecycle operations: issuance, renewal, retirement, and reporting • Own and enhance the daily PKI operational reporting for certificate health monitoring across the enterprise • Automate certificate automation and governance workflows, including bulk operations across Venafi TPP REST APIs • Drive private chain adoption across application teams, targeting full migration off public CA chains for internal workloads • Manage Digicert Certificate authority and Digicert one Certificate lifecycle management • Execute the Legacy MSCA shutdown plan • Track and remediate certificates tied to the Legacy CA expiration (Feb 2027 hard deadline) • Maintain Zero Trust alignment across all PKI services: mTLS enforcement, workload identity, client authentication policies • Support HIPAA, PCI-DSS, and SOX audit readiness through certificate inventory governance, expiration tracking, and compliance reporting. • Contribute to PQC readiness planning: crypto-agility assessments, hybrid certificate testing, and algorithm migration roadmaps • Collaborate with network, application, and cloud teams to resolve certificate-related incidents and architecture reviews

🎯 Requirements

• 5+ years of hands-on PKI/CLM engineering experience in an enterprise environment (10,000+ certificates under management) • Deep working knowledge of X.509 certificate standards, CA hierarchies (root, intermediate, issuing), and certificate chain validation • Production experience with at least one enterprise CLM platform: Venafi TPP, AppViewX, Keyfactor, or CyberArk (formerly Venafi) • Strong scripting/automation skills in PowerShell and/or Python, including REST API integration with CLM and CA platforms • Hands-on experience with certificate provisioning to load balancers (F5 BIG-IP), CDNs (Akamai), web servers (IIS, Apache/Nginx), and cloud platforms (AWS ACM, Azure Key Vault) • Solid understanding of TLS/SSL protocols, cipher suites, key exchange mechanisms, and certificate revocation (CRL/OCSP) • Familiarity with ServiceNow, Jira, or equivalent ITSM/project tracking tools in a regulated enterprise environment.

🏖️ Benefits

• medical, dental, and vision coverage • paid time off • retirement savings options • wellness programs • other resources, based on eligibility