Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Data Encryption
Good to have skills : NA
Minimum
3 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary:
The PKI Consultant will be responsible for designing, implementing, administering, and optimizing enterprise Public Key Infrastructure services using EBCA, Venafi Trust Protection Platform, and Microsoft Active Directory Certificate Services (ADCS). This role ensures the security, reliability, and lifecycle management of certificates across enterprise environments, supporting applications, endpoints, servers, network devices, and cloud services.
Roles & Responsibilities:
- Design and implement enterprise PKI architecture using Microsoft ADCS, EBCA, and Venafi TPP.
- Deploy and maintain Root CA, Subordinate CA, Policy CA, and Issuing CA structures.
- Configure certificate templates, enrollment policies, CRLs, OCSP responders, and CA security hardening.
- Ensure high availability and disaster recovery for PKI infrastructure.
- Implement automated certificate issuance, renewal, and revocation via Venafi or EBCA platforms.
- Manage server, client, device, and application certificates across on-prem and cloud.
- Oversee certificate lifecycle policies, expiration monitoring, alerts, and compliance reporting.
- Prevent certificate outages by proactively monitoring expiring certificates.
- Manage PKI servers, CA hierarchy, CRL distribution, OCSP, and certificate repositories.
- Maintain key archival, recovery procedures, and secure private key handling.
- Support code signing, SSL/TLS, device certificates, S/MIME, authentication certificates, etc.
- Monitor PKI performance, logs, and operational metrics.
- Integrate PKI with AD/LDAP, devices, network appliances, VPN, Load Balancers, Mobile device management.
- Integrate Venafi with tools (F5, Palo Alto, NGINX, AWS ACM, Azure Key Vault, Kubernetes).
- Automate certificate provisioning using Venafi, REST APIs, PowerShell, Python, Ansible.
- Enable certificate management across hybrid and multi-cloud environments.
- Enforce certificate standards, cryptographic policies (RSA/ECC), hashing algorithms, and key lengths.
- Ensure compliance with security frameworks: NIST, PCI-DSS, ISO 27001, SOC2, internal cyber policies.
- Implement hardening for PKI servers, HSM integration, key protection mechanisms.
- Conduct periodic audits and remediation of misconfigured or risky certificates.
- Troubleshoot certificate-related outages affecting applications, servers, load balancers, and endpoints.
- Participate in incident response for compromised certificates, key misuse, or PKI failures.
- Conduct root-cause analysis (RCA) for PKI disruptions or expired certificates.
- Maintain PKI architecture documents, SOPs, RACI, runbooks, diagrams, and certificate usage inventories.
- Provide training and guidance to operations, application, and infrastructure teams.
- Support global stakeholders in certificate onboarding and usage.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Data Encryption.
- Strong understanding of cloud security principles and practices.
- Experience with EBCA (Entrust/Baltimore/European CA platform), Venafi Trust Protection Platform (TPP / TLS Protect / CodeSign Protect), Microsoft ADCS – Enterprise PKI
- Familiarity with risk assessment methodologies and tools.
- Knowledge of compliance requirements related to data protection and privacy.
- Root & subordinate CA management
- CRL, delta CRL, AIA, OCSP
- SSL/TLS, mTLS, client-auth certificates
- Certificate chain validation & trust stores
- Code signing, device certificates, authentication certs
- Private key protection (HSM, Azure Key Vault, AWS KMS)
- PKI in cloud (Azure, AWS, GCP)
- PowerShell scripting (mandatory)
- REST API, JSON for Venafi and EBCA integrations
- Automation tools (Ansible, Jenkins, Terraform advantageous)
- Network security – Load balancers, proxies, firewalls handling certs
- Excellent troubleshooting and analytical skills.
- Strong communication and documentation capability.
- Ability to work with global engineering, cloud, and security teams.
Additional Information:
- The candidate should have minimum 6+ years total experience, 3+ of dedicated PKI experience (EBCA / Venafi / Microsoft PKI)
- This position is based at our Bengaluru office.
- A 15 years full time education is required.
Venafi Administrator / TPP Certification.
- Microsoft MCP/MCSA in Windows Server or Active Directory.
- PKI security training (SANS SEC509, EC-Council, ISC2 CCSP/CISSP advantage).
- Experience with HSMs (Thales, Safenet, Azure Key Vault HSM).
15 years full time education
About Accenture
Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent- and innovation-led company with approximately 791,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology and leadership in cloud, data and AI with unmatched industry experience, functional expertise and global delivery capability. Our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Song, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients reinvent and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities.
Visit us at www.accenture.com
Equal Employment Opportunity Statement
We believe that no one should be discriminated against because of their differences. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, military veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by applicable law. Our rich diversity makes us more innovative, more competitive, and more creative, which helps us better serve our clients and our communities.