Job Description

:
The Senior Security Engineer will be responsible for leading and managing Identity, PKI, and Cryptographic Security solutions across enterprise-scale environments. This role involves hands-on administration, design, and integration of Saviynt IGA, PKI infrastructure, and data encryption platforms to ensure compliance, security, and operational excellence.
Key Responsibilities
Identity & Access Management (Saviynt IGA)

• Lead end-to-end administration of Saviynt IGA, including Joiner-Mover-Leaver (JML) lifecycle, access provisioning, and de-provisioning.
• Design and implement workflows, Segregation of Duties (SoD) controls, risk policies, and access certifications.
• Onboard new applications, configure connectors, and manage integrations with AD, Azure AD, and downstream systems.
• Conduct periodic access reviews, manage attestation campaigns, and ensure compliance with SOX and GDPR (UK) standards.
• Troubleshoot complex provisioning failures and reconciliation issues with application teams.

Public Key Infrastructure (PKI) & Certificates

• Manage internal Certificate Authority (CA) operations, including certificate issuance, renewal, revocation, and auditing.
• Handle CRL/OCSP configuration, certificate templates, and key archival processes.
• Ensure PKI availability and compliance; integrate with AD, network devices, web servers, and application gateways.
• Coordinate PKI design improvements, CA migrations, and infrastructure transitions.
• Administer external SSL/TLS certificates via Sectigo (or equivalent tool).
• Integrate certificates across servers, load balancers, WAF, and application endpoints.
• Automate certificate enrollment and renewal processes.
• Support transitions from external certificate providers (e.g., Sectigo) to internal PKI systems.

Encryption & Data Protection (Voltage SecureData)

• Administer Voltage SecureData for encryption, tokenization, and masking of sensitive data (PII, payment data).
• Support application teams with encryption/decryption and key management.
• Ensure compliance with enterprise data protection and regulatory standards.
• Troubleshoot encryption failures and token retrieval issues.

Operational Excellence

• Drive identity security enhancements, audit readiness, and continuous improvement.
• Participate in incident, change, and problem management (aligned with ITIL processes).
• Prepare technical documentation including runbooks, architecture diagrams, migration plans, and RCA reports.
• Participate in critical incident (P1/P2) and CAB calls; manage change requests and Go/No-Go decisions.
• Ensure high availability and governance of identity and encryption platforms.

Organizational Skills

• Ability to lead technical security services independently and ensure reliable delivery.
• Experience working with global teams and cross-functional stakeholders.
• Strong adherence to ITIL processes and change control governance.
• Skilled in documentation and reporting using tools like ServiceNow, Confluence, and Excel.

Personal Skills

• Excellent communication and stakeholder management skills.
• Strong analytical and troubleshooting mindset.
• Demonstrated leadership in mentoring and supporting junior engineers.
• Ownership-driven, proactive, and continuously learning.

Technical Skills

• Saviynt IGA: RBAC, workflows, connectors, SoD, certifications.
• PKI & Certificates: CA hierarchy, CRL/OCSP, SSL/TLS lifecycle management.
• Sectigo (or equivalent): External certificate provisioning and automation.
• Voltage SecureData: Tokenization, encryption, key management.
• Security Protocols: Kerberos, NTLM, TLS, Mutual Authentication.
• IAM Integrations: On-prem and cloud application integrations.

Experience

• 5-8 years in Identity Security, PKI, Federation, or Encryption Services.
• Minimum 2 years' hands-on experience in Saviynt, PingFederate, or PKI infrastructure support.
• Proven experience managing enterprise certificate lifecycles and IAM platform integrations.
• Involvement in onboarding, migration, or transition projects for IAM/PKI platforms.

Preferred Certifications

• Microsoft Certified: Identity and Access Administrator Associate
• Certified Encryption Specialist (Voltage or equivalent)
• Sectigo / PKI Certification (desirable)
• ITIL Foundation (preferred)

Skills:
IAM,PKI Infrastructure,Security Services
About Company:
UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world's best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients' organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact--touching billions of lives in the process.

Skills Required