Engineer PKI & Active Directory
Support complex enterprise architectures by developing and implementing detailed design, configuration and engineering strategies/solutions for one or more technologies within PKI and Active Directory. Ensure capability, flexibility, scalability, performance and reliability objectives are met or exceeded for a variety of small to mid-size projects. In collaboration with the team and vendor/contractor resources, ensure viable designs, flawless execution, and seamless transition into the production environment. Responsibilities
- Independently perform moderately difficult assignments in the design, detailed configuration, integration and support of existing and future technologies within PKI and Active Directory. Pan, design, review and approve robust, stable, scalable and manageable designs. Perform problem diagnosis, initiate problem resolution and provide ongoing life-cycle support for technology deployments and upgrades.
- Create and maintain documentation of detailed design documents, diagrams, engineering specifications, build changes, models, troubleshooting and support guides, systems metrics, and overall project information (including key deliverables). Responsible for the technical correctness and completeness of engineering designs and artifacts. Ensure that build activities are completed per engineering diagrams that were drafted and approved for the project. Redirect build activities as needed.
- Manage effective relationships and work in partnership with leadership, team members, vendors, and contractors to deliver robust technical solutions ensuring service level commitments and project time lines are maintained. Provide technical expertise, direction and prioritization of work to team members ensuring successful project implementation and outstanding service delivery. Mentor, coach and contribute to the development of peers and other team members as appropriate.
- Collaborate with team members to ensure project scoping activities are aligned with architectural objectives. Utilize performance data and historical metrics to effectively: plan for growth needs; plan upgrades, migrations, optimizations and new implementations; identify and resolve efficiency issues; and improve overall functionality. Manage hand-over of design solutions and provide multi-faceted testing support and validation prior to the final release of new and upgraded technologies.
- Recommend, deploy and document design strategies and solutions for software/hardware/network engineering problems, based upon comprehensive and thoughtful analysis of business goals, objectives, requirements and existing technologies. Independently identify key issues, patterns and deviations. Recommend robust solutions utilizing pragmatic judgment, creativity, and in-depth technical knowledge and evaluation to comprehensively meet the needs of the business.
- Participate and provide input into the continual refinement of processes, policies and best practices to ensure optimal performance and availability of technologies. Promote reuse and develop consistent technical build, implementation and support processes. Validate -- and adhere to -- defined standards. Ensure ongoing improvements align with existing process and service management principles and Systems Development Life Cycle (SDLC) methodologies.
- Continuously develop specialized knowledge and technical subject matter expertise by remaining apprised of industry trends, the direction of emerging technologies, and their potential value to the business. Effectively present the value proposition of business-appropriate emerging technologies to technology leadership.
- Bachelors degree in Computer Science, Engineering, or related field; or equivalent work experience.
- 5-7 years of relevant work experience required (i.e. Design, implementation and administration of Active Directory Certificate Services (Microsoft PKI)
- 5-7+ years of experience and proven engineering expertise within PKI and Active Directory.
- Strong analytical and customer service abilities.
- Ability to communicate and articulate technical information across various organizational levels.
- Strong thought leadership abilities and a highly innovative problem solver.
- High reasoning aptitude and ability to quickly understand a complex operating environment.
- Provide On-Call support as needed.
About Our Company
- Strong understanding of certificate lifecycle challenges and the understanding of how to mitigate risk and outages.
- Strong understanding of X.509, RSA, SSL/TLS, Wildcard, SAN certificate and certificate management processes.
- Familiarity with cloud technologies and PKI requirements
- Hands on experience on working with certificate lifecycle management solution, Preferably Venafi.
- Experience designing deployments of certificates in an enterprise environment
- Familiarity with API development and its concepts.
- Experience with PowerShell scripting.
- Good understanding with Active Directory including build and deploy Microsoft Active Directory Domain Controllers, consolidate Sites and Domains, and monitor the health of existing systems.
- Good understanding of cloud computing and infrastructure like AWS IAM and Azure Active Directory
- Familiarity with Agile principle and concepts
- Good understanding of information security principles
- Nice to have experience in HSMs, NDES, OCSP.
- Good to have experience of certificate provisioning via an MDM solution.
With the right company, life can Be Brilliant®. The Ameriprise Financial Technology team mission is to create innovative technology solutions and engaging digital experiences for our clients, advisors, and employees. We embrace an inclusive and collaborative culture that allows us to partner across the business and lend our expertise in the areas of corporate computing, network infrastructure and security. We celebrate the unique qualities and reward the contributions of our talented, passionate employees. If you're motivated and want to work for a strong, ethical company that cares about you and your community, take the next step with Ameriprise Technology and we can Be Brilliant® together.
Ameriprise Financial is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, genetic information, age, sexual orientation, citizenship, gender identity, disability, veteran status, marital status, family status or any other basis prohibited by law.