Positions for PKI Architects

About the opportunity

We have positions for PKI Architects & Admins with a passion for all things PKI and cybersecurity.

You have worked in one or more of the following functions: PKI architect / admin or a cybersecurity role.

You and a team of application specialists and developers will create and manage a full stack environment from the ground up as well as incorporate the existing core infrastructure already in place today. You will be involved in most aspects of creating and extending the service portfolio to our customers and you will be involved in onboarding new customers on the infrastructure under your care.

We offer an interesting work environment, a diverse team of professionals in a flat organization and the ability to learn new things through practice, in-house training and external training (PKI technology, Linux qualifications, ITIL certification, cybersecurity certification, language training, …).

The team is based in two locations in the periphery of Brussels (Evere and Ruisbroek), both located close to the ring and to a train stations (resp. 2 minutes' and 12 minutes' walk to the office).
Part-time work and partial work from home are possible.

We offer a competitive remuneration package including with meal vouchers, health insurance, a company car, standby compensation and an annual performance bonus.
Purpose of the position

A reliable electronic signature is essential for many transactions, whether between governments and citizens, lawyers and clients, or in the world of business. ZetesConfidens provides a vast array of services for a secure and legal electronic signature to build confidence in the digital world. PKI is at the heart of these operations. Customers put Zetes' solutions into their mission critical applications. The importance of these solutions cannot be overestimated. The PKI Architect & Administrator is responsible for both the intellectual and the hands-on aspect of PKI management.

Special notice for starters (just graduated or < 1 year experience)
Starters are welcome. We will take into account your potential and we’ll agree on a fast paced 2-year growth path to get you up to speed.

We offer the following Career choices:

• Further specialization in PKI
• PKI projects worldwide

Tasks and responsibilities

You will not only design the PKI architecture and define the roadmap for the PKI components, but also will define the key management policy and certificate management policy. Moreover, you will co-author certification practice statements, certificate policies, timestamp policies, etc. Last but not least, you will organize and execute activities like:

• Key ceremonies
• Configuration and initialization of new PKI components or systems
• Audits, remediation and follow-up of recommendations
• Update and improve existing procedures

You are expected to participate in a 24/7 standby regime. While on standby you are either first or second in line to handle incidents. If the incident cannot be resolved remotely then you need to go on site. Standby periods and interventions are explicitly compensated.
Special notice for starters (just graduated or < 1 year experience)
Starters are welcome. We will take into account your potential and we’ll agree on a fast paced 2-year growth path to get you up to speed.

Your responsibilities for PKI management include:

• Selection and proofing of PKI products
• Experimentation with PKI configurations, certificate profiles, etc. 
• Definition of the PKI management processes and procedures.
• Day to day administration of the PKI infrastructure including CA and VA, HSM, backup media, timestamping infrastructure, etc.
• Perform exceptional tasks such as manual Certificate Enrolment, Certificate Revocation, etc.
• Define and describe the CA hierarchy, PKI architecture, configurations, etc
• Define and describe the lifecycles for managed objects such as certificates, keys, CRLs, etc.
• Provide support of certificate services projects and operation support
• Prepare and document configuration scripts
• Install, configure and maintain the operational environment
• Configuration of the PKI application software
• Maintain a test environment and test all critical procedures on this test environment

Your responsibilities for system maintenance and documentation:

• Troubleshooting and problem solving
• Maintain the integrity and security of servers and HSMs
• Maintain system documentation
• Define and (for specific purposes) implement or assist with the implementation of monitoring tools, specifically related to monitoring performance and availability for SLA for public services (CRL publication, web site, OCSP responder, certificate & revocation request handling, etc.)
• For the PKI equipment you do preventive maintenance and tests; following manufacturer's instructions; troubleshooting malfunctions; calling for repairs; maintaining equipment inventories; evaluating new equipment and techniques.
• Monitoring of PKI related Key Performance Indicators, analysis and reporting of incidents, follow technology trends
• Make recommendations to purchase hardware and software, coordinates installation and provides backup recovery

Your responsibilities for integration and deployment:

• Deploy the core PKI software components and the HSMs in close collaboration with the system administration team
• Define and describe the interfaces and protocols for integration of the core PKI components with external systems for card personalisation , card management and certificate management
• Create customized tools / software / scripts for highly specialised PKI-specific tasks
• Coordinate the installation and maintenance of the PKI systems

Reporting lines:

• As PKI Architect you report to the Director of ZetesConfidens and to the Head of Operations of the business unit.

Experience:

• Bachelor degree or master degree
• General understanding of ICT
• You can handle complex information and are able to describe ICT environments, write functional descriptions, procedures, reports, etc.
• Practical experience with PKI procedures and products
• Experience in Security Management is a plus
• Experience with a combination of the following:
  • Public Key Infrastructure (Internal and Internet)
  • X.509 Digital Certificate Management
  • Hardware Security Modules
  • Key Management
  • Cryptography Algorithms
  • TLS, XADES, PADES

Nice to Have

• Experience with scripting languages, i.e. Shell Script, Python, Perl, Powershell, Bash...
• Sysadmin experience with Linux or Windows

Soft skills

• You are able to work in a fast-paced, high-productivity and rapidly changing environment;
• You have good analytical and communication skills, able to act as a subject matter expert and transfer knowledge on testing topics to various audiences;
• You are able to work both independently as well as in team;
• You have attention to detail
• You are fluent in English (oral and written). Knowledge of other languages (such as Dutch/French) is an asset.

Language skills:

• Good Writing/Speaking of one of National Languages 
• Good Writing/Speaking of English    

IMPORTANT - Security Clearance:

Candidates must be eligible to a security clearance from the Belgian State Security office. It is recommended that you either have the Belgian nationality or the nationality of a EU/NATO member state and/or have lived several years in Belgium.

Points of attraction

Zetes offers you a unique and challenging position in a high-tech setting focused on cybersecurity and PKI. You work in a project team that brings together various state-of-the art technologies in soft- and hardware. 
Because of the international growth in demand for solid solutions, related to all domains of identity, Zetes is a successful and financially stable organization.
A flexible and nature-based working environment and excellent fringe benefits, such as a company car, insurance package, daily meals paid by Zetes etc. are part of the competitive salary package.