PKI Senior Engineer (Identity & Access Management)

Malaysia, Selangor, Petaling Jaya
Spain, Madrid


As IAM Senior Engineer (PKI) you will be part of the Secure Access Engineering Global Team, formed by twenty-six professionals distributed around the globe, with a variety of backgrounds and expertise within the Security and Identity & Access Management area. We face complex issues and needs, where analysis of situations or data requires an in-depth evaluation of variable factors, including technology dependencies, inter-organizational impact and systems thinking approaches.


You will contribute and technically lead challenging projects which require deep technical knowledge and infrastructure engineering skills. You will be accountable and responsible for decision-making in technical design, build and testing, in the context of the projects/activities to which you will be assigned. In doing so, you will exercise sound judgment, balanced with effective consultative engagement of key stakeholders, in the methods and techniques chosen to obtain the desired results.


You will have the required skills, experience and depth of knowledge to be able to influence significantly both IAM vendor product selections and improvements.


Your main responsibilities would be

  • To lead and contribute to the end-to-end design of infrastructure solutions and the creation and maintenance of related component standards

  • To produce and maintain sufficient documentation for the designs, design patterns, and component standards created or maintained

  • To interact with senior internal and external partners on significant technical matters as they relate to prioritized objectives

  • To strengthen the overall Engineering community by building bridges and collaborating with Principal Engineers, Senior Engineers, Engineers and Associate Engineers in other infrastructure solution areas

  • To contribute to determining success criteria and evaluation of promising solutions/technologies via Proofs of Concept (PoCs) and feasibility studies across two or more areas within their infrastructure solution area, as they relate to meeting Roche’s business needs

  • To architect (as solution architect), design, build, test, and implement (first-time deployments) integrated, resilient and reliable solutions in multiple solution areas

  • To lead small-to-medium sized technical teams for specific objectives in medium-to-large initiatives (projects, lifecycle work, Proofs of Concept, etc.) and to provide the expert guidance required to drive technical developments in these initiatives

  • To advise, influence, collaborate with, and integrate feedback from various IT partners including Enterprise Architects, Solution Owners, Component Owners and line-of-business stakeholders

  • To ensure designs and solutions in their respective infrastructure solution area align and adhere to the organization’s Technical Architecture Framework (TAF) policies, standards and directions

  • To map the technology roadmaps into portfolio projects/activities and to estimate resources, dependencies, risks, and timelines required to deliver these projects/activities successfully

  • To contribute to the efforts to estimate Engineering resources and timelines to deliver projects/activities successfully

  • To contribute to and/or write position papers, white papers, technical recommendations and best practices including use cases for their infrastructure solution space

  • To remain proactive and aware of operational challenges and opportunities and work with support team staff to resolve incidents and major incidents

  • To ensure solutions and components implemented comply with Quality/Regulatory standards, as applicable

  • Design continuous integration best practices for the development team using Docker, Ansible, and Jenkins. Leverage Docker and Ansible playbook design for continuous deployment and continuous delivery and maintain responsibility for configuration management for infrastructure as code. 


You will bring

  • At least 4 years' experience working in multinational work environments (e.g. healthcare industry experience is a plus) as a Senior Engineer, fulfilling the role of Solution Architect or Technical Lead.

  • Must have in-depth expertise in developing, implementing and architecting security systems specifically for a large Global Enterprise, including:

    • Experience working with PKI (Public Key Infrastructure Encryption) and Certificate Management

    • Knowledge of PKI governance best practices (e.g. Root Key Ceremony, Certificate Policy, etc.)

    • Experience/Knowledge of PKI Integration into Public Cloud environments

    • General cryptography knowledge: symmetric, asymmetric, RSA, AES, ECC, hashing, key management, internal PKI and external PKI

    • Knowledge of the main usages of digital certificates (encryption, code signing, user/device authentication, etc.)

    • Good understanding of key management/digital certificate practices around Microsoft PKI (Microsoft Active Directory Certificate Services), including hardening good practices.

  • It would be valuable if you bring:

    • Experience with HSM (hardware security module), knowledge of Gemalto/SafeNet products

    • Experience with a Registration Authority, knowledge of Keyfactor Command

    • Experience with CyberArk, AWS Key Manager, AWS Certificate 

    • Experience with Java, XML, scripting languages (Perl, JavaScript, PowerShell, etc.)

  • Strong customer engagement and presentation skills with the ability to communicate across all levels (senior and/or large audiences)

  • Ability to work effectively with team members and virtual teams from different locations and different cultural backgrounds

  • Strong oral and written communication skills in English. German, Spanish or Chinese (Mandarin) are significant pluses

  • Proven project and time management skills

  • Moderate to extensive travel required and ability to work across multiple timezones, including some on-call and extended hours work, as required

  • One or more industry certifications in the respective infrastructure solution area(s) is highly desired