Senior Consultant (CLM / PKI)

Key responsibilities

• Lead workshops to capture current-state certificate management processes, pain points, risks, stakeholders, and business requirements.
• Assess the existing PKI and certificate landscape, including public and private CAs, internal/external certificates, TLS/SSL usage, certificate ownership, renewal processes, and expiry monitoring.
• Define the target-state CLM operating model, including roles, responsibilities, governance, policy, lifecycle workflows, reporting, and automation opportunities.
• Create tool-selection criteria and support the evaluation of CLM platforms against business, security, operational, and integration requirements.
• Support the selection of a CLM tool suitable for enterprise use, including discovery, inventory, monitoring, alerting, renewal, revocation, and reporting capabilities.
• Design and execute a PoC for the selected CLM tool, including scope, test cases, success criteria, integration points, findings, and recommendations.
• Advise on certificate lifecycle stages, including issuance, deployment, monitoring, renewal, revocation, retirement, and private-key handling.
• Identify automation opportunities for certificate enrolment, renewal, deployment, and revocation, as automation can reduce manual effort and errors in certificate lifecycle processes.
• Produce clear documentation, including assessment findings, requirements, tool scorecard, PoC plan, PoC results, risks, dependencies, and implementation roadmap.
• Work closely with DXC security, infrastructure, cloud, network, application, and service-management teams.

Required experience

• Strong experience in Certificate Lifecycle Management, PKI, digital certificates, and enterprise security architecture.
• Practical knowledge of X.509 certificates, TLS/SSL, certificate chains, trust stores, root and issuing CAs, certificate policies, and key-management principles.
• Experience with enterprise PKI platforms and certificate services, such as Microsoft AD CS and/or comparable CA technologies.
• Experience with CLM or certificate management tools such as Venafi, Keyfactor, AppViewX, DigiCert, Sectigo, or similar platforms; enterprise certificate roles commonly require familiarity with tools such as Venafi, Keyfactor, AppViewX, DigiCert, and Sectigo.
• Experience designing or supporting certificate discovery, inventory, monitoring, alerting, renewal, and reporting processes.
• Ability to define tool-selection frameworks, evaluation criteria, weighted scorecards, and PoC success measures.
• Understanding of enterprise infrastructure environments including Windows, Linux, web servers, load balancers, reverse proxies, cloud platforms, and network devices.
• Experience integrating certificate management with ITSM, CMDB, monitoring, SIEM, DevOps, cloud, and automation platforms.
• Strong stakeholder-management, consulting, workshop facilitation, and technical documentation skills.

Desirable experience

• Experience with cloud certificate services such as AWS Certificate Manager, Azure Key Vault Certificates, or equivalent; cloud certificate services are commonly referenced as preferred experience for certificate management roles.
• Experience with Kubernetes certificates, ingress certificates, cert-manager, service mesh, or container-platform certificate automation.
• Knowledge of ACME, SCEP, EST, APIs, scripting, and automation using PowerShell, Python, shell scripting, or infrastructure-as-code.
• Experience in regulated, audited, or large enterprise environments.
• Knowledge of HSMs, private-key protection, code-signing certificates, device certificates, and machine identity management.
• Relevant certifications such as CISSP, CCSP, CISM, Microsoft security certifications, cloud security certifications, or vendor-specific PKI/CLM certifications.