Job Description

The Senior Security Engineer will be responsible for leading and managing Identity, PKI, and Cryptographic Security solutions across enterprise-scale environments. This role involves hands-on administration, design, and integration of Saviynt IGA, PKI infrastructure, and data encryption platforms to ensure compliance, security, and operational excellence.

Key Responsibilities

Identity & Access Management (Saviynt IGA)

Lead end-to-end administration of Saviynt IGA, including Joiner-Mover-Leaver (JML) lifecycle, access provisioning, and de-provisioning. Design and implement workflows, Segregation of Duties (SoD) controls, risk policies, and access certifications. Onboard new applications, configure connectors, and manage integrations with AD, Azure AD, and downstream systems. Conduct periodic access reviews, manage attestation campaigns, and ensure compliance with SOX and GDPR (UK) standards. Troubleshoot complex provisioning failures and reconciliation issues with application teams.

Public Key Infrastructure (PKI) & Certificates

Manage internal Certificate Authority (CA) operations, including certificate issuance, renewal, revocation, and auditing. Handle CRL/OCSP configuration, certificate templates, and key archival processes. Ensure PKI availability and compliance; integrate with AD, network devices, web servers, and application gateways. Coordinate PKI design improvements, CA migrations, and infrastructure transitions. Administer external SSL/TLS certificates via Sectigo (or equivalent tool). Integrate certificates across servers, load balancers, WAF, and application endpoints. Automate certificate enrollment and renewal processes. Support transitions from external certificate providers (e.g., Sectigo) to internal PKI systems.

Encryption & Data Protection (Voltage SecureData)

Administer Voltage SecureData for encryption, tokenization, and masking of sensitive data (PII, payment data). Support application teams with encryption/decryption and key management. Ensure compliance with enterprise data protection and regulatory standards. Troubleshoot encryption failures and token retrieval issues.

Operational Excellence

Drive identity security enhancements, audit readiness, and continuous improvement. Participate in incident, change, and problem management (aligned with ITIL processes). Prepare technical documentation including runbooks, architecture diagrams, migration plans, and RCA reports. Participate in critical incident (P1/P2) and CAB calls; manage change requests and Go/No-Go decisions. Ensure high availability and governance of identity and encryption platforms.

Organizational Skills

Ability to lead technical security services independently and ensure reliable delivery. Experience working with global teams and cross-functional stakeholders. Strong adherence to ITIL processes and change control governance. Skilled in documentation and reporting using tools like ServiceNow, Confluence, and Excel.

Personal Skills

Excellent communication and stakeholder management skills. Strong analytical and troubleshooting mindset. Demonstrated leadership in mentoring and supporting junior engineers. Ownership-driven, proactive, and continuously learning.

Technical Skills

Saviynt IGA:

RBAC, workflows, connectors, SoD, certifications.

PKI & Certificates:

CA hierarchy, CRL/OCSP, SSL/TLS lifecycle management.

Sectigo (or equivalent):

External certificate provisioning and automation.

Voltage SecureData:

Tokenization, encryption, key management.

Security Protocols:

Kerberos, NTLM, TLS, Mutual Authentication.

IAM Integrations:

On-prem and cloud application integrations.

Experience

5-8 years in Identity Security, PKI, Federation, or Encryption Services. Minimum 2 years' hands-on experience in Saviynt, PingFederate, or PKI infrastructure support. Proven experience managing enterprise certificate lifecycles and IAM platform integrations. Involvement in onboarding, migration, or transition projects for IAM/PKI platforms.

Preferred Certifications

Microsoft Certified: Identity and Access Administrator Associate Certified Encryption Specialist (Voltage or equivalent) Sectigo / PKI Certification (desirable) ITIL Foundation (preferred)

Skills:

IAM, PKI Infrastructure, Security Services

Job Type: Full-time

Benefits:

Health insurance
Work Location: Remote