System One is a leader in delivering outsourced services and workforce solutions across North America, and they are seeking a PKI DevOps Engineer to support operations and automation workstreams for enterprise certificate lifecycle management. This role will involve designing and building automation to reduce manual work and improve security outcomes related to certificate management in cloud and Kubernetes environments.
Responsibilities:
- Support day-to-day operational execution for certificate lifecycle work (issuance, renewal, replacement, decommission) with a strong focus on reducing manual handling and preventing certificate-expiration risk
- Enhance operational workflows that include scripted Outlook notification/escalation logic and operational integrations (e.g., ticket/task creation)
- Partner with engineering and operations stakeholders to standardize repeatable procedures and ensure traceability of changes
- Develop and maintain automation that expands certificate coverage and reduces manual renewal effort, building on existing code-based automations and monitoring/notification patterns
- Implement or improve automation around certificate deployment patterns in modern platforms, including Kubernetes environments using components such as TLS for Kubernetes (TLSPK) and cert-manager
- Contribute to automation patterns for code/container signing processes and pipelines, helping establish consistent standards and repeatable workflows
- Support and enhance automations and operational improvements for CyberArk (formerly Venafi) Certificate Manager within CME's ecosystem
- Assist in enabling cloud/Kubernetes certificate management approaches that leverage machine identity management tooling referenced by the team (e.g., Workload Identity Manager / Venafi Firefly references in CME materials)
Requirements:
- Certificates / X.509 lifecycle management experience (request/issue/renew/replace/decommission, inventory/monitoring, risk reduction)
- PKI fundamentals (CAs, chains, key usage, SANs, revocation, policy constraints; ability to troubleshoot certificate path and deployment issues)
- PowerShell (advanced scripting for automation, error handling, logging, packaging, scheduling, and secure credential handling)
- DevOps/automation mindset with production support experience (building reliable runbooks, monitoring/alerting hooks, and operational handoffs)
- Ability to work cross-functionally with security, infrastructure, and platform teams to deliver automation that is operationally supportable
- Venafi Trust Protection Platform / CyberArk Certificate Manager - Self Hosted
- CyberArk Certificate Manager - Kubernetes
- CyberArk Code Sign Manager
- Kubernetes cert-manager
- SPIFFE / SPIRE
- ServiceNow
- Python
- Ansible
- Golang
- Bash
- vcert