Senior Public Key Infrastructure (PKI) Engineer in Rosemead, California

Join the Clean Energy Revolution

Become a Senior Public Key Infrastructure (PKI) Engineer at Southern California Edison (SCE) and build a better tomorrow. In this role, you will join a team of PKI experts to maintain our current generation solution while transforming, building, and enhancing our next generation certificate management system.

You will play a critical role in ensuring the security and integrity of digital communications within Southern California Edison. This position will be responsible for building/operationalizing certificate management systems, working with operational teams to manage the lifecycle of digital certificates, including issuance, renewal, revocation and auditing of the enterprise certificates and keys.

The ideal candidate will bring strong solutions development, troubleshooting, unit testing, and communication skills to the table. Be meticulous when implementing technical designs from strong specifications and requirements. Clearly document, effectively communicate, and drive the conversion of specifications into functional technology while working alongside Architecture and Operational teams.

As a Senior Public Key Infrastructure (PKI) Engineer, your work will help power our planet, reduce carbon emissions and create cleaner air for everyone. Are you ready to take on the challenge to help us build the future?

Responsibilities

• Performs security risk, vulnerability assessments, and business impact analysis for medium complexity information systems

• Carries out project reporting for assigned projects, monitoring project status, timeline and budgets

• Assists in the planning and implementation of current and future security domains including those which may introduce new service areas

• Adopts and follows security controls, processes, and procedures to manage risk across all information system environments (infrastructure, network, and applications) with the assistance of the application and infrastructure management teams

• Monitors technology risk, identifies root cause or key themes, recommends for resolution

• Investigates suspected attacks and manages security incidents. Uses forensics where appropriate

• Reviews and shapes the production of evidence to support internal and external audits

• Implements appropriate security measures for information systems and applications that control access to data, and prevents unauthorized modification, destruction, or disclosure of information

• Develops and maintains metrics, alerts, dashboards, and reports for security monitoring

• Maintains incident response plans and performs incident response activities as directed and in accordance with established procedures and guidelines and those of federal authorities

• A material job duty of all positions within the Company is ensuring the protection of all its physical, financial and cybersecurity assets, and properly accessing and managing private customer data, proprietary information, confidential medical records, and other types of highly sensitive information and data with the highest standards of conduct and integrity.

Minimum Qualifications

Preferred Qualifications

• Bachelor of Science in Information Systems, or similar technical field of study.

• Extensive hands-on experience in deploying and configuring both Public and Private Key Infrastructures (PKI) along with Hardware Security Modules (HSMs).

• Strong knowledge of architectures related to PKI management.

• Comprehensive understanding of the PKI/HSM ecosystem, including technology, standards, implementations, and migration strategies.

• Knowledge of the security industry, specifically around PKI Engineering Solutions.

• Experience deploying or maintaining Microsoft Certificate Authority, Entrust, Sectigo, Digicert, Keyfactor, Venafi, other certificate management platforms, and HSMs.

• Expertise in Online Certificate Status Protocol (OCSP), Certificate Management Protocol v2 (CMPv2), Certificate Authorities (CA), Registration Authorities (RA), Certificate Revocation List (CRL), X.509, Certificate Policy, and Public Key Infrastructure as a Service

• Strong troubleshooting skills

• Experience in administering Certificate Authority (CA) and Hardware Security Models (HSM) of company PKI infrastructure.

• Experience with working closely with IAM teams to implement Identity and Access Management PKI functionality for specific business and security requirements and processes.

• Understanding and the ability to communicate the process for the installation of PKI trust chain across multiple platforms.

• Firm understanding of cryptographic concepts including symmetric/asymmetric cryptography, hash algorithms, digital signatures, encryption, etc.

• Experience with certificate enabled applications, such as SSL/TLS, S/MIME, Code Signing, 802.1x, EAP-TLS, etc.

Additional Information

• This position’s work mode is hybrid. The employee will report to an SCE facility for a set number of days with the option to work remotely on the remaining days.  Unless otherwise noted, employees are required to work and reside in the state of California.  Further details of this work mode will be discussed at the interview stage. The work mode can be changed based on business needs.

• Visit our Candidate Resource (https://www.edisoncareers.com/page/show/candidate-resources) page to get meaningful information related to benefits, perks, resources, testing information, hiring process, and more!

• Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

• The primary work location for this position is Rosemead, CA.

• This position has been identified as a NERC/CIP impacted position – Prior to being hired, the successful candidate must pass a Personnel Risk Assessment (PRA) or Background Investigation. Once hired, the candidate must complete specified training prior to gaining un-escorted access to assigned work location and performing necessary job duties.

• Relocation may apply to this position.

About Southern California Edison

The people at SCE don’t just keep the lights on. Our mission is so much bigger. We’re fueling the kind of innovation that’s changing an entire industry, and quite possibly the planet. Join us and create a future with cleaner energy, while providing our customers with the safety and reliability they demand. At SCE, you’ll have a chance to grow personally and professionally, making a real impact in Southern California and around the world.

At SCE, we celebrate our differences. We are a proud Equal Opportunity Employer and will not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other protected status.

We are committed to ensuring that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodations at (833) 343-0727.