For one of our clients in the utilities industry we are looking for a freelance PKI Consultant: Project description: The project has the aim to remove the PKI token (used for singing, authentication and encryption) from the client. In order to achieve this the project needs to provide clear guidance to stakeholders and proper communication to end-users. As part of the replacement, we need to manage technical dependencies, advertise existing replacing technologies and expand the capabilities for Adobe Sign. The project will support stakeholders to migrate their dependencies and solve them. Alongside with that, we will develop and implement a long term archiving solution in order to stay compliant with regulatory requirements. To fulfil some remaining requirements we will also implement a small scale new PKI modern solution. Alongside the project implementation, we will also continue to deliver smaller improvements to the PKI landscape until we can switch it off. The initiative is a multi-year project spanning from 2021 to 2023. Task description:
Creation of S/MIME security concept and architecture to support the new PKI SMIME solution
Planning, Installing and configuring Certificate management PKI Components
Creation and realization of automation for TLS/SSL (Internal/External) and Azure Key Vault with ACME with pre-selected by the client Certificate Authority DigiCert
Analyse existing PKI infrastructure and consult for improvements based on given standards.
Establishing a new governance model for Azure Key Vault in the client environment, collection of use cases and creation of proper documentation for it. Approved then by the client SO and based on the new model a new service established
Maintenance of exiting PKI SNOW articles and creation of new documentation related to changes in the PKI Service.
Senior Expert in PKI Area
Very good understanding of the functions of PKI Certificates (x.509 Standard)
Good understanding of the functionalities of CA as well as PKI Client components (Windows 10)
Good understanding of the functionality for Authentication in applications, e.g Webserver IIS or Apache.
Good understanding of Email Signature and Encryption with Outlook 2019 and O365
Good understanding of Digital Signature with Adobe and Office Documentation
Deep dive into Cloud technologies (MS Azure) and Hardware-Security modules
Modern thinking in terms of new IT Security concepts and Ideas creation/realization
Interest in innovations (Cloud-Technologies)
Possibility for business travels
Fluent Deutsch and Business English
Certifications in the Cyber Security area (E.g. CISSP) is considered an advantage
Experience as a consultant in IT-Security / PKI
Solid knowledge in Cryptography, PKI, X.509
Solid Experience with Microsoft Azure Key Vault and other MS Products (AD, AAD)