Senior PKI Engineer

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, governance and assurance services as well as managed processes. In a dynamic digital and cyber landscape, where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

The Senior PKI Engineer is responsible for the design, implementation, and lifecycle management of the enterprise’s trust infrastructure. You will ensure secure communication across the global network by managing digital certificates, Certificate Authorities (CAs), and Hardware Security Modules (HSMs).

As a secondary focus, you will also ensure that the sensitive administrative accounts are vaulted, rotated, and monitored using Privilege Access Management (PAM) solution.

Responsibilities:

• Design, implement, operate government-wide PKI hierarchy (Offline Root, Issuing CAs) using Microsoft ADCS, or similar PKI system.
• Manage the Certificate Lifecycle Management (CLM) via development of automated tools to handle the discovery, issuance, renewal, and revocation of certificates such as SSL/TLS, device, IPSEC.
• Implement and maintain the Hardware Security Modules (HSMs) for secure key storage and lead critical "Key Ceremonies."
• Automate and develop scripts (PowerShell, Python) and utilize APIs to automate certificate enrollment for DevOps, and mobile devices.
• Security Standards: Ensure compliance with FIPS 140-2/3, NIST 800-57.
• Secondary responsibilities: Familiar with managing of vaults, secrets, administrative accounts and credential rotations using the PAM solution.

Requirements:
Technical Skills

• 7+ years in Information System/Security, with at least 5 years dedicated to PKI/Cryptography.
• Deep knowledge in Microsoft Active Directory Certificate Services (ADCS) and OCSP/CRL management.
• Familiarity with PAM platforms like CyberArk or Beyond Trust.
• Scripting: High proficiency in PowerShell or Python for automation.
• Protocols: Advanced knowledge of X.509, SCEP, ACME, EST, and Kerberos.

Certifications (Preferred)

• CISSP (Certified Information Systems Security Professional)
• Microsoft Azure Security Technologies

Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!

The remuneration package will commensurate with your qualifications and experience. Interested applicants, please click "Apply Now".

We thank you for your interest and please note that only shortlisted candidates will be notified.

By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS’s privacy statement which can be found at: https://www.assurity.sg/ or such other successor site.

Benefits:
• A wholly-owned subsidiary of GovTech.
• We promote a learning culture and encourage you to grow and learn.
• Contract Staff enjoys the same benefits as Permanent Employees.