Systems Engineer (Public Key Infrastructure)
Addison, Texas;Washington, District of Columbia; Denver, Colorado
**Job Description:**
Come join an exciting team within Global Information Security (GIS). Cyber Security Technology (CST) is a globally distributed team responsible for cyber security innovation and architecture, engineering, solutions and capabilities development, cyber resiliency, access management engineering, data strategy, deployment maintenance, technical project management and information technology security control support.
Participates in design, development and implementation of systems engineering activities, to include OS technical support, systems programming and data center capabilities. Responsible for components of complex engineering and/or analytical tasks and activities. Assists in establishment of input/output processes and working parameters for hardware compatibility and coordination of subsystems design and integration of total system. Serves as a fully seasoned/proficient technical resource; provides tech knowledge and capabilities as team member and individual contributor. Will not have direct reports but will influence and direct activities of a team related to special initiatives or operations. Provides input on staffing, budget and personnel. Typically 5 or more years of systems engineering experience.
Primary Level of Engagement: Works as a team member under supervision from a more senior domain expert.
**Primary Interactions:**
Product Owner
Direct Manager
System Engineer Lead
Peer Engineering teams
Project Manager
GIS Peers
Control owners
**Key Responsibilities:**
Administration, operation, upgrade and support of Certification Authorities (CA), Registration Authorities (RA), online responders, and Hardware Security Modules (HSM) of a Microsoft Windows-based enterprise Public Key Infrastructure (PKI).
Ensure alignment with all PKI compliance and best practices.
Implement, operate and maintain physical and virtual machines in production and disaster recovery locations.
Interface with vendors that provide security/encryption related services
Participate in defining and developing the strategic plan for PKI for the enterprise
Lead the definition and implementation of POCs around PKI, KMS and other certificate related technologies
Ensure 247 uptime of the PKI services
Design, test, and implement changes/additions to HSMs in the PKI Infrastructure
Responsible for all engineering aspects of the company s PKI including: Internally and externally hosted Certification Authorities (CAs) and Registration Authorities, The enterprise certificate management system
Enterprise Code Signing Services, Consulting around cryptographic technologies, Hardware Security Module (HSM), NDES servers
Design and implement software systems in Windows that solve or automate the solving of complex networking and security problems. Requires a thorough understanding of Windows internals in order to meet very specific security and networking requirements.
Apply expert-level knowledge of public key infrastructure (PKI) to design and develop solutions to customer problems.
Apply a thorough understanding of the basics of IP networks and their workings (DNS, Security, IP Routing, HTTP, VPN, etc.)
Generate detailed requirements and design documents and user manuals for products
**Required Skills, Experience & Qualifications:**
Experience with Microsoft Windows Certification Authorities, in a CA Admin role
3+ years System Administration experience
Experience with Hardware Security Modules (HSM) and public key infrastructure (PKI) for certificate management.
Practical knowledge of cybersecurity issues, vulnerabilities and defenses
Self-starter and can work independently.
Possess expertise in both written and interpersonal communication, and in collaboration in a cross-functional team comprised of diverse personalities, skill sets, and levels of experience.
Experience in Software documentation, software packages, support and/or training of IT systems
Excellent troubleshooting abilities
Good end-user communication skills
Background in IT Security
**Job Band:**
H5
**Shift:**
1st shift (United States of America)
**Hours Per Week:**
40
**Weekly Schedule:**
**Referral Bonus Amount:**
0
**Job Description:**
Come join an exciting team within Global Information Security (GIS). Cyber Security Technology (CST) is a globally distributed team responsible for cyber security innovation and architecture, engineering, solutions and capabilities development, cyber resiliency, access management engineering, data strategy, deployment maintenance, technical project management and information technology security control support.
Participates in design, development and implementation of systems engineering activities, to include OS technical support, systems programming and data center capabilities. Responsible for components of complex engineering and/or analytical tasks and activities. Assists in establishment of input/output processes and working parameters for hardware compatibility and coordination of subsystems design and integration of total system. Serves as a fully seasoned/proficient technical resource; provides tech knowledge and capabilities as team member and individual contributor. Will not have direct reports but will influence and direct activities of a team related to special initiatives or operations. Provides input on staffing, budget and personnel. Typically 5 or more years of systems engineering experience.
Primary Level of Engagement: Works as a team member under supervision from a more senior domain expert.
**Primary Interactions:**
Product Owner
Direct Manager
System Engineer Lead
Peer Engineering teams
Project Manager
GIS Peers
Control owners
**Key Responsibilities:**
Administration, operation, upgrade and support of Certification Authorities (CA), Registration Authorities (RA), online responders, and Hardware Security Modules (HSM) of a Microsoft Windows-based enterprise Public Key Infrastructure (PKI).
Ensure alignment with all PKI compliance and best practices.
Implement, operate and maintain physical and virtual machines in production and disaster recovery locations.
Interface with vendors that provide security/encryption related services
Participate in defining and developing the strategic plan for PKI for the enterprise
Lead the definition and implementation of POCs around PKI, KMS and other certificate related technologies
Ensure 247 uptime of the PKI services
Design, test, and implement changes/additions to HSMs in the PKI Infrastructure
Responsible for all engineering aspects of the company s PKI including: Internally and externally hosted Certification Authorities (CAs) and Registration Authorities, The enterprise certificate management system
Enterprise Code Signing Services, Consulting around cryptographic technologies, Hardware Security Module (HSM), NDES servers
Design and implement software systems in Windows that solve or automate the solving of complex networking and security problems. Requires a thorough understanding of Windows internals in order to meet very specific security and networking requirements.
Apply expert-level knowledge of public key infrastructure (PKI) to design and develop solutions to customer problems.
Apply a thorough understanding of the basics of IP networks and their workings (DNS, Security, IP Routing, HTTP, VPN, etc.)
Generate detailed requirements and design documents and user manuals for products
**Required Skills, Experience & Qualifications:**
Experience with Microsoft Windows Certification Authorities, in a CA Admin role
3+ years System Administration experience
Experience with Hardware Security Modules (HSM) and public key infrastructure (PKI) for certificate management.
Practical knowledge of cybersecurity issues, vulnerabilities and defenses
Self-starter and can work independently.
Possess expertise in both written and interpersonal communication, and in collaboration in a cross-functional team comprised of diverse personalities, skill sets, and levels of experience.
Experience in Software documentation, software packages, support and/or training of IT systems
Excellent troubleshooting abilities
Good end-user communication skills
Background in IT Security
**Shift:**
1st shift (United States of America)
**Hours Per Week:**
40
Learn more about this role
Full time
JR-22017973
Band: H5
Manages People: No
Travel: Yes, 5% of the time
Manager:
Talent Acquisition Contact:
Nick Skaric
Referral Bonus:
0
Colorado pay and benefits information
**Colorado pay range:**
$75,000 - $130,000
annualized salary, offers to be determined based on experience, education and skill set.
**Discretionary incentive eligible**
This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.
**Benefits**
This role is currently benefits eligible . We provide industry-leading benefits, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
To view the "EEO is the Law" poster, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf) .
To view the "EEO is the Law" Supplement, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP\_EEO\_Supplement\_Final\_JRF\_QA\_508c.pdf) .
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (Policy) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
To view Bank of Americas Drug-free workplace and alcohol policy, CLICK HERE .
