Professional Services Principal PKI Consultant

ABOUT UTIMACO

Utimaco is a worldwide supplier of professional cyber-security solutions and is based in Aachen, Germany. Since 1983, Utimaco develops hardware security modules and compliance solutions for telecommunication provider regulations. Utimaco is a world-market leader in both segments. Customers and parters of Utimaco in all parts of the world trust the company's long-term, proven reliability and investments protection, as well as its many certified IT security standards. Utimaco stands for recognizes product quality, user-friendly software, excellent support and trusted high security-made in Germany. 

To further strengthen our Corporate Unit we are looking for a:   Professional Services Principal PKI Consultant

Your tasks:

The Principal PKI Consultant is a senior technical and customer-facing leadership role responsible for designing, advising, and delivering enterprise-grade Public Key Infrastructure (PKI) and cryptographic solutions.

This role acts as the subject matter expert (SME) for PKI architecture, certificate lifecycle management, cryptographic governance, hardware security module (HSM) implementation, and emerging technologies such as Post-Quantum Cryptography (PQC).

Principal PKI Consultant provides technical leadership in complex customer engagements from advisory and architecture design through PKI system deployment and operational transition.  This role requires deep technical expertise in enterprise security architecture, regulatory compliance, cryptographic standards and multi-vendor integration.

In addition to project delivery responsibilities, the Principal PKI Consultant contributes to pre-sales strategy by working closely with Account Mangers and executive stakeholders to ensure successful project outcomes and long-term customer success.

The ideal candidate for this role must combine deep cryptographic knowledge with strong consulting skills, with the ability to translate complex technical requirements into scalable, secure enterprise PKI architectures.

  • Lead enterprise PKI architecture design (offline root CA, subordinate CA hierarchy, policy CAs, OCSP, CRL, key management systems)
  • Design and review Certificate Policies (CP) and Certification Practice Statements (CPS)
  • Provide governance frameworks for certificate lifecycle management and crypto-agility
  • Architect secure integrations with IAM, MDM, DevOps, cloud, IoT, and application environments
  • Lead HSM integration, key ceremony planning, and secure key management processes
  • Advise customers on regulatory compliance (eIDAS, WebTrust, NIST, ISO 27001, etc.)
  • Provide technical leadership during customer workshops and executive briefings
  • Mentor Professional Services Engineers and Consultants
  • Conduct technical design reviews and quality assurance for PKI projects
  • Support post-deployment optimization and operational maturity
  • Drive standardization and documentation best practices. 

Your profile:

Customer Engagements & Solution Architecture

  • Lead discovery sessions to gather and document detailed customer requirements
  • Develop comprehensive requirements documents, architecture designs, and solution specifications
  • Design secure PKI hierarchies (offline root, subordinate CAs, OCSP responders, CRL distribution, key management)
  • Architect high-availability, disaster recovery, and crypto-agile PKI environments
  • Develop Certificate Policies (CP) and Certification Practice Statements (CPS) when required

Provide executive-level and technical workshops to stakeholders

Project Delivery

  • Manage and maintain complete project documentation, including design documents, configuration guides, and operational runbooks
  • Lead product installation, configuration, integration, and testing activities
  • Oversee key ceremonies and secure key management processes
  • Ensure alignment between scope, timeline, deliverables, and customer expectations
  • Deliver customer training and structured knowledge transfer

Technical Leadership & Subject Matter Expertise

  • Develop deep expertise in enterprise PKI platforms, cryptographic modules, and HSM technologies
  • Serve as subject matter expert on cryptographic standards and interfaces (e.g., X.509, PKCS#11, CAPI/CNG, TLS, OCSP)
  • Provide guidance on crypto-agility strategies and emerging standards, including Post-Quantum Cryptography (PQC) readiness
  • Develop reusable code modules, scripts, integration templates, and best-practice documentation
  • Support sales teams in scoping engagements and translating opportunities into well-defined projects

Integration & Implementation

  • Integrate PKI solutions with:
    • Active Directory & Identity platforms
    • Web/application servers
    • DevOps pipelines
    • Cloud environments (Azure, AWS, GCP)
    • Network security infrastructure
  • Support certificate lifecycle automation and enrollment solutions
  • Troubleshoot complex cryptographic, networking, and interoperability issues

Continuous Improvement

  • Mentor junior consultants and engineers.
  • Stay current with regulatory requirements, cryptographic standards, and market trends.

Participate in internal knowledge sharing and technical innovation initiatives.

Core Technical Competencies

  • Expert-level understanding of:
    • Public Key Infrastructure (PKI) architecture
    • Digital signatures and certificate lifecycle management
    • Cryptographic algorithms and key management principles
    • Secure communications (TLS/SSL)
  • Practical experience with:
    • Microsoft Active Directory Certificate Services (ADCS)
    • Enterprise Certificate Authorities
    • HSM integration
    • Web/application servers (Apache, IIS)
    • Linux, Unix variants, and Windows environments
  • Strong networking background (TCP/IP, DNS, load balancing concepts).
  • Working knowledge of cryptographic APIs and interfaces (PKCS#11, CAPI/CNG).
  • Basic to intermediate programming skills (e.g., Java, C++, C#, PowerShell, Python).
  • Ability to troubleshoot hardware, software, and network-related security issues.

Project & Consulting Skills

  • Working knowledge of structured project management methodologies.
  • Ability to translate business requirements into technical architecture.
  • Strong documentation and technical writing skills.
  • Comfortable delivering presentations to both technical and executive audiences.

General education and experience

  • University degree in engineering, business, computer science, or similar related fields
  • Experience in IT support, R&D, or other relevant roles within IT 

  • Experience in working independently, receiving minimal guidance, preferably experience from the consulting industry

  • Experience from installation, configuration, troubleshooting, integration of software solutions

  • Preferably experience of working across different cultures and industries

    Additional education and experience

  • A minimum of 10 years of experience within the IT, and/or Information Security industry. Preferably a deep interest and passion for cybersecurity-related topics within one or several industries

  • Broad understanding and experience of one or several verticals and industries such as Automotive, Banking, Telco, FinTech, etc.

  • Understanding of product and “aaS” integrations/programming

  • Strong commercial experience with a good understanding of project management tools and techniques

  • Preferably CISSP / CSSP certification

General knowledge and skills

  • Expert-level understanding of Public Key Infrastructure and certificate lifecycle management
  • Deep knowledge of cryptographic algorithms and key management practices
  • Strong understanding of zero-trust and identity-centric security models
  • Experience integrating PKI with IAM, DevOps pipelines, container platforms, and IoT
  • Experience in Cloud-based implementation, configuration and management of “aaS” offerings.
  • Excellent knowledge of Utimaco product, service, and solution portfolio value proposition
  • Keeping up to date with market development, competition, trends
  • Strong customer and service orientation
  • Ability to effectively manage time and resources during professional services projects
  • Understanding of real-world Cryptographic use cases and data security
  • Patience and maturity to take advantage of the resources of a global information leader, as well as the passion and drive of an early-stage startup
  • Skilled in identifying and solving problems
  • Out of the box thinker
  • Consultative approach with the ability identification of needs and problems
  • Accustomed to working with short deadlines in customer engagements
  • Entrepreneurial spirit and drive
  • Strong interpersonal skills and a likable personality
  • Strong verbal and written communications skills, listening and teamwork skills, and effective presentation skills
  • Fluent written and spoken English

We offer you:

Utimaco, Inc. is an Equal Opportunity Employer. We are committed to fostering a diverse and inclusive workplace where all individuals are treated with respect and dignity. Employment decisions are made without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, disability status, veteran status, genetic information, or any other protected characteristic as defined by applicable laws.

We welcome applicants from all backgrounds and strive to ensure that our hiring practices are fair, transparent, and free from discrimination. If you require accommodations during the application process, please contact HR-US@utimaco.com.

Utimaco is an international provider of IT security solutions and cybersecurity technologies with headquarters in Aachen (Germany) and Campbell (USA). For over 40 years, we have been developing innovative solutions for the protection of people, data and communications that meet the highest standards. We are the world's leading manufacturer of hardware security modules and compliance solutions in a wide range of industries such as automotive, banking, telecommunications and many more.

With our global network of partners and customers, we contribute to making digital information and infrastructures secure worldwide. Become part of our team and help us make the digital world more secure - together we are shaping the future of IT security.

We Offer:

  • 99% Employer paid premium for Medical, Dental and Vision benefits
  • 401k Match
  • FSA and Dependent Care
  • Short-Term Disability, Long-Term Disability, Life Insurance and AD&D
  • Employee Assistance Program
  • Generous PTO and Holiday Policy
  • An open and friendly corporate culture characterized by constructive and collaborative interaction
  • A flexible working hours model that can be adapted to individual needs
  • Professional and personal development through targeted training opportunities

Our Core Values:

  • Deliver Secure and reliable cybersecurity solutions
  • Acquire Excellence through customer focus
  • Innovate with passion
  • Collaborate and be professional
  • Be open and honest

DO YOU FEEL ADDRESSED?

Then we look forward to receiving your detailed application stating your earliest possible starting date and your salary expectations.

Apply