Summary: The PKI Architect is a senior-level role focused on developing the strategy and architecture for State Farm's Public Key Infrastructure. This position requires a blend of technical expertise in cybersecurity and the ability to communicate effectively with executive leadership. The architect will guide the design and governance of PKI systems, ensuring alignment with broader security initiatives. This role is critical for enhancing the organization's security posture and identity management strategy.
Key Responsibilities:
- Define and own the enterprise PKI strategy, architecture, governance framework, and multi-year technology roadmap.
- Design CA hierarchies, certificate trust models, certificate policies (CP), and Certification Practice Statements (CPS).
- Evaluate and select PKI technologies, vendors, and platforms aligned with enterprise security objectives and budget constraints.
- Lead PKI architecture design reviews and provide authoritative technical direction to engineering teams.
- Architect disaster recovery and business continuity strategies for PKI systems across the enterprise.
- Design HSM integration strategies for enterprise-wide key protection and lifecycle management.
- Architect and oversee OCSP and CRL infrastructure for scalable certificate status services.
- Drive integration of PKI with broader IAM, Zero Trust, and DevSecOps initiatives across State Farm.
- Establish governance standards, operational policies, and risk frameworks for certificate management.
- Serve as trusted advisor to technology leadership (Technology Manager, Technology Director) on PKI risk, compliance, and modernization.
- Assess existing PKI environment and provide gap analysis, maturity assessments, and improvement roadmaps.
- Oversee and guide PKI engineering teams to ensure architectural intent is executed accurately.
Key Skills:
- Extensive experience designing and architecting enterprise PKI environments - not just operating them.
- Deep mastery of cryptography, PKI trust models, CA hierarchy design, and certificate policy frameworks.
- Strong background in enterprise security architecture, threat modeling, and risk management.
- Experience designing PKI systems spanning multiple platforms (Windows, Linux, cloud-native environments).
- Expert knowledge of PKI components: CA hierarchies, certificate lifecycle, HSMs, OCSP, CRL, and key recovery.
- Proven ability to communicate complex PKI architecture concepts to executive and non-technical stakeholders.
- Experience architecting disaster recovery and business continuity strategies for mission-critical PKI systems.
- Familiarity with compliance frameworks as they relate to PKI: NIST, FedRAMP, PCI-DSS, SOC 2.
- Ability to drive roadmap and governance decisions across organizational and vendor boundaries.
- Strong understanding of PKI integration patterns with IAM, Zero Trust, and cloud security architectures.
Salary (Rate): undetermined
City: undetermined
Country: undetermined
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
PKI Architect - Bloomington, IL - Remote
Position Overview :
The PKI Architect is a senior cybersecurity and enterprise architecture professional responsible for designing the overall strategy, architecture, governance, and roadmap for State Farm''s Public Key Infrastructure. While the PKI Engineer focuses on building and operating the environment, the PKI Architect determines what should be built, why, and how it fits into the organization''s broader security and identity strategy. This is a highly strategic, senior-level role requiring both deep technical expertise and executive-level communication capability.
Key Responsibilities :
- Define and own the enterprise PKI strategy, architecture, governance framework, and multi-year technology roadmap.
- Design CA hierarchies, certificate trust models, certificate policies (CP), and Certification Practice Statements (CPS).
- Evaluate and select PKI technologies, vendors, and platforms aligned with enterprise security objectives and budget constraints.
- Lead PKI architecture design reviews and provide authoritative technical direction to engineering teams.
- Architect disaster recovery and business continuity strategies for PKI systems across the enterprise.
- Design HSM integration strategies for enterprise-wide key protection and lifecycle management.
- Architect and oversee OCSP and CRL infrastructure for scalable certificate status services.
- Drive integration of PKI with broader IAM, Zero Trust, and DevSecOps initiatives across State Farm.
- Establish governance standards, operational policies, and risk frameworks for certificate management.
- Serve as trusted advisor to technology leadership (Technology Manager, Technology Director) on PKI risk, compliance, and modernization.
- Assess existing PKI environment and provide gap analysis, maturity assessments, and improvement roadmaps.
- Oversee and guide PKI engineering teams to ensure architectural intent is executed accurately.
MUST Have Skills:
- Extensive experience designing and architecting enterprise PKI environments - not just operating them.
- Deep mastery of cryptography, PKI trust models, CA hierarchy design, and certificate policy frameworks.
- Strong background in enterprise security architecture, threat modeling, and risk management.
- Experience designing PKI systems spanning multiple platforms (Windows, Linux, cloud-native environments).
- Expert knowledge of PKI components: CA hierarchies, certificate lifecycle, HSMs, OCSP, CRL, and key recovery.
- Proven ability to communicate complex PKI architecture concepts to executive and non-technical stakeholders.
- Experience architecting disaster recovery and business continuity strategies for mission-critical PKI systems.
- Familiarity with compliance frameworks as they relate to PKI: NIST, FedRAMP, PCI-DSS, SOC 2.
- Ability to drive roadmap and governance decisions across organizational and vendor boundaries.
- Strong understanding of PKI integration patterns with IAM, Zero Trust, and cloud security architectures.