Job Summary
We are seeking a skilled and detail-oriented PKI Engineer to build, implement, and maintain Public Key Infrastructure (PKI) systems across internal and external environments. The ideal candidate will have hands-on experience with Microsoft ADCS, certificate lifecycle management (Venafi), and integration with external PKI providers. This role is critical to ensuring secure authentication, encryption, and digital signing across enterprise systems.
Key Responsibilities
- Build, deploy, and manage the internal CA hierarchy (Root CA, Subordinate CA) using Microsoft ADCS.
- Integrate and manage external PKI services (e.g., DigiCert) for public-facing applications and services.
- Implement and maintain certificate lifecycle management using platforms like Venafi.
- Ensure compliance with security policies, certificate guidelines, and industry standards (e.g., NIST).
- Handle CRL and OCSP configurations, including load balancing and high availability.
- Monitor and fix PKI-related issues including certificate enrollment, revocation, and authentication failures.
- Collaborate with security, infrastructure, and application teams to support secure communications and identity assurance.
- Maintain documentation for PKI architecture, processes, and operational procedures.
- Support code signing, document signing, and device authentication use cases.
- Evaluate and implement post-quantum cryptography readiness strategies.
Required Skills & Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Demonstrated ability in PKI engineering or related security infrastructure roles.
- Proven understanding of Microsoft ADCS, including offline Root CA and online Subordinate CA setup.
- Experience with HSMs (Hardware Security Modules) for key protection.
- Familiarity with external PKI providers and certificate issuance processes.
- Understanding of X.509 certificate standards and TLS/SSL.
- Experience with certificate automation tools (e.g., Venafi, ACME clients).
- Knowledge of Active Directory, LDAP, and Kerberos authentication.
- Awareness of quantum-safe cryptography and emerging PKI trends.
- Strong analytical and problem-solving skills.
- Excellent communication and documentation abilities.
Preferred Certifications
- Microsoft Certified: Cybersecurity Architect / Identity and Access Administrator
- Certified Information Systems Security Professional (CISSP)
- Certified PKI Professional (CPKI)
- Venafi or Keyfactor platform certifications (if applicable)
About bp
Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas in the nations where we operate. We are one of the few companies globally that can provide governments and customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner!
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.
Even though the job is advertised as full time, please contact the hiring manager or the recruiter as flexible working arrangements may be considered.