PKI Strategy and Architecture Duties:

• Lead the design, implementation, and continuous improvement of enterprise PKI solutions, including Certificate Authorities (CAs), Registration Authorities (RAs), and Hardware Security Modules (HSMs);
• Define and enforce PKI security policies, standards, and best practices to align with NATO policy and industry requirements;
• Develop a strategic roadmap for PKI evolution, including cloud-based cryptographic services and post-quantum cryptography readiness;
• Proven ability to define and execute PKI strategies at an enterprise level;
• Strong analytical and problem-solving skills with a risk-based approach to security;
• Excellent communication skills to engage both technical and executive stakeholders;
• Experience in mentoring teams and driving security best practices across project teams.

Operational Duties:

• Install, configure and maintain the day-to-day NATO wide PKI systems and components;
• Install, configure and maintain NATO PKI (NPKI) virtualized infrastructure;
• Install, configure and maintain NPKI networking components;
• Install, configure and maintain NPKI hardware infrastructure;
• Install, configure and maintain NPKI LDAP directory service and support HTTP service;
• Responsible for Enterprise Mobile Mobility configuration, integration, maintenance;
• Responsible for LDAP directory service configuration and maintenance;
• Responsible for Online Certificate Status Protocol (OCSP) and Time Stamp management;
• Responsible for Database maintenance, dedicated for NPKI;
• Responsible for Card Management System deployment, integration and day-to-day management;
• Responsible for Hardware Security Module (HSM) firmware upgrade and management;
• Responsible for the creation of PKI related guidance;
• Certificate Authority Log analysis, (Troubleshoot the system ALARM/ERRORS and monitor user activity);
• Support Smart Card enrolment and certificate creation process;
• Maintain the day-to-day operations /management /backup/restore of the PKI systems;
• Provide technical support and assistance to ITM Operating Authorities and NPKI-Mitigation project team;
• Provide 2nd and 3rd level technical support of CIS services to the NPKI customers;
• Designing of new PKI components;
• Responsible for the creation and maintenance of Standard Operating Procedures within the NPKI as part of modifications or additions to current capabilities;
• Documenting of all new PKI services;
• Installation and maintenance of NPKI components;
• Be flexible to work outside normal office hours in response to crises, operational requirements.