IAM Product Engineer, Certificate Life Cycle Management
Mondelez International is hiring an IAM Product Engineer, Certificate Life Cycle Management.
Role Overview
We are seeking an IAM Product Engineer, Certificate Life Cycle Management, to design, implement, and operate enterprise Public Key Infrastructure (PKI) and Certificate Lifecycle Management (CLM) capabilities supporting global digital certificate, encryption, and machine identity security requirements.
This role will be responsible for the architecture, engineering, and automation of PKI and certificate lifecycle management platforms, including enterprise certificate authorities, integrations with public certificate authorities, and certificate lifecycle management tools such as Venafi. The position will focus on strengthening certificate governance, automation, and operational reliability across enterprise infrastructure, applications, APIs, and cloud platforms.
This position works closely with IAM, cybersecurity, infrastructure, cloud, DevOps, and application teams to ensure secure certificate-based authentication, encryption services, and machine identity management across enterprise systems.
Job Responsibilities
Design, implement, and maintain enterprise Public Key Infrastructure (PKI) environments including root and subordinate certificate authorities using platforms such as Microsoft Active Directory Certificate Services (AD CS).
Define and maintain PKI trust hierarchies, certificate issuance policies, certificate templates, and cryptographic key management standards supporting enterprise authentication, encryption, and digital trust requirements.
Configure and manage PKI infrastructure components including CRL distribution points, OCSP responders, certificate validation services, and certificate trust chains.
Engineer and enhance certificate lifecycle management (CLM) platforms such as Venafi, focusing on improving automation, governance, and operational reliability of certificate services.
Develop and implement automation workflows and policy-driven processes within Venafi to enable secure and scalable certificate lifecycle operations across enterprise environments.
Enable self‑service certificate provisioning and lifecycle management for application owners and infrastructure teams, allowing secure certificate request, issuance, renewal, and deployment through automated and policy‑controlled workflows.
Integrate CLM platforms with enterprise systems, infrastructure platforms, and DevOps pipelines to automate certificate provisioning, renewal, and rotation across applications and services.
Proactively manage the certificate lifecycle across the enterprise, ensuring certificates are renewed and rotated before expiration to prevent outages and service disruptions.
Experience building self‑service certificate provisioning workflows using Venafi or other CLM platforms.
Establish enterprise controls and monitoring to eliminate certificate‑related service outages and reduce risks associated with unmanaged or expired certificates.
Maintain centralized visibility and inventory of certificates, keys, and machine identities, ensuring proper ownership tracking and lifecycle governance across enterprise environments.
Manage integrations with public certificate authorities such as DigiCert to support lifecycle management of externally trusted SSL/TLS certificates.
Implement automation using PowerShell, APIs, and scripting frameworks to streamline certificate lifecycle operations and reduce manual processes.
Manage cryptographic key protection using Hardware Security Modules (HSMs) such as Thales to ensure secure key generation, storage, and lifecycle management.
Monitor PKI infrastructure and certificate environments to identify certificate expiration risks, trust chain issues, or unauthorized certificate issuance events.
Maintain PKI governance documentation including Certificate Policies (CP), Certification Practice Statements (CPS), architecture documentation, and operational runbooks.
Collaborate with IAM, cybersecurity, infrastructure, DevOps, and application teams to strengthen machine identity governance, certificate lifecycle automation, and secure certificate‑based authentication across enterprise systems.
Qualifications
Education & Experience
Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field.
8–12+ years of experience in PKI engineering, certificate lifecycle management, or cryptographic infrastructure within large enterprise environments.
Proven experience designing and operating enterprise PKI environments and certificate lifecycle management platforms.
Technical Expertise
Strong hands‑on experience with:
Public Key Infrastructure (PKI) architecture and certificate trust models.
Microsoft Active Directory Certificate Services (AD CS).
Certificate Lifecycle Management (CLM) platforms such as Venafi.
Public Certificate Authorities (CAs) such as DigiCert.
CRL and OCSP configuration and certificate validation infrastructure.
Cryptographic standards and certificate‑based authentication mechanisms.
Platform & Integration Experience
Experience working with Hardware Security Modules (HSMs) for secure key management.
Cloud platforms including Microsoft Azure and AWS for certificate integration.
Certificate deployment across enterprise infrastructure including web servers, application servers, load balancers, and API platforms.
Automation using PowerShell, REST APIs, or scripting frameworks.
DevOps integration for certificate automation within application deployment pipelines.
No Relocation support available.
Job Type
Regular
Information Security
Technology & Digital
Mondelez International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.