Certificate Services & Data Encryption Engineer

PSCU/Co-op Solutions is now Velera! PSCU and Co-op Solutions became a single entity on January 2, 2024, and our new company name was announced on May 7, 2024. Our new brand represents our combined company’s shared mission and unique ability to drive velocity and positive momentum for credit union success in a new era of financial services.

The Opportunity:

We are seeking a highly motivated and skilled Certificate Services & Data Encryption Engineer to join our IT Vulnerability Management, Risk Mitigation (RM) team. This role will involve, but is not limited to, the total management, oversight, and support of Velera’s advanced cryptographic and data encryption dependencies.

A key focus and responsibility will include both internal and external cryptographic digital certificate services management, ensuring their secure issuance, renewal, and lifecycle management are maintained to Velera standards. Aligned with certificate oversight, further responsibilities will include the management of a Hardware Security Module (HSM) for certificate key protection.  The incumbent will also provide oversight for the systems and services that manage and automate certificate activities, including the use of Venafi and Microsoft ADCS.

This role will also maintain our at-rest data tokenization platform, intended to cryptographically secure Velera’s data in accordance with PCI requirements and other elevated Security governance standards.

A sense of ownership, and a want and willingness to learn, assume new responsibilities, and an overall initiative-based drive are keys to success in this position and successive/advanced roles within the team.

Day in the Life:

• Manage the full lifecycle of digital certificates, including issuance, renewal, revocation, and decommissioning.
• Direct administration and engineering for all dependent cryptographic implementations in support of securing Velera’s sites, communications, data, proprietary code, connections, etc.
• Oversee both internal and external certificate authorities (CAs), ensuring compliance with industry standards and organizational policies, utilizing Venafi for certificate management automation, monitoring, and reporting.
• Implement monitoring systems to track certificate expiration dates and ensure timely renewals to avoid service interruptions.
• Administer an HSM(s) for the secure storage and management of cryptographic keys used in certificate services. This includes ensuring that the HSMs are properly configured, maintained, and integrated with certificate management systems to ensure the integrity, confidentiality, and availability of cryptographic keys.
• Manage and oversee at-rest cryptographic data encryption solutions to protect corporate data assets while Collaborating with IT and security teams to align encryption strategies with organizational goals and regulatory requirements.
• Utilizing tools such as Netwrix for monitoring, auditing, and reporting, ensure comprehensive visibility and control over the environment to monitor infrastructure data blind spots to mitigate or prevent data loss and corruption.
• Align with engineering teams as needed around design, implementation, and support issues involving key stores and/or proper certificate requests, use, renewal, and revocation.
• Act as a subject matter expert on PKI, certificate types, use cases, and certificate lifecycle management – remaining updated on the latest developments in encryption technologies and PKI, ensuring the organization’s practices remain current and effective.

Qualifications:

• Bachelor’s degree in computer science, Information Technology, or a related field, or the equivalent combination of demonstrated education and experience in a related information technology required.
• Relevant certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Encryption Specialist (CES)) are a plus.
• 7+ years of experience in certificate management, PKI, and data encryption.
• 5+ years of direct systems and/or network engineering
• Understanding of Kerberos / Microsoft Secure Channel required
• Understanding of Linux SSH and SSSD is helpful
• Direct experience with Microsoft Active Directory and ADCS a must
• Experience managing services with a trusted, outside certificate provider required.
• Experience working with a trusted certificate issuer like Digicert
• Experience managing certificates via a certificate management platform like Venafi.
• Experience utilizing and managing a cryptographic data tokenization platform like CipherTrust
• Experience with F5, JKS, IIS, JBoss/JDK, IDP’s/SP’s and their integration with certificate services a plus.
• Experience managing Hardware Security Modules (HSMs) for key protection.
• Strong knowledge of PKI, certificate lifecycle management, and typical certificate infrastructure topologies.
• Deep understanding of cryptographic technologies, processes, and data encryption technology integration best practices.
• Strong communication skills, with the ability to provide clear guidance to technical and non-technical stakeholders.

About Velera

At Velera we are committed to fostering a workplace where every employee feels valued, respected, and connected. We understand, attract and engage a diverse workforce where every employee can live up to their full potential; ensuring that our employee base reflects the consumers we serve. The result of this effort is an inclusive environment where diverse talent thrives. We strive to foster a safe and inclusive work environment for people to bring their authentic selves in order to build a better community within our company and with our partners.   Learn more about our commitment to Diversity, Equity, and Inclusion HERE!

Pay Equity

$95,800.00

to

$124,500.00

Actual Pay will be adjusted based on experience and other job-related factors permitted by law.

Great Work/Life Benefits!

• Competitive wages
• Medical with telemedicine
• Dental and Vision
• Basic and Optional Life Insurance
• Paid Time Off (PTO)
• Maternity, Parental, Family Care
• Community Volunteer Time Off
• 12 Paid Holidays
• Company Paid Disability Insurance
• 401k (with employer match)
• Health Savings Accounts (HSA) with company provided contributions
• Flexible Spending Accounts (FSA)
• Supplemental Insurance
• Mental Health and Well-being: Employee Assistance Program (EAP)
• Tuition Reimbursement
• Wellness program
• Benefits are subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions