Skip to main content

Our Commitment
Your Talent

Search Jobs

22587-Cybersecurity Infrastructure Specialist

Location Changzhou, Jiangsu, China Date posted July 07, 2026 Job ID 22587
Our Opening and Your Responsibilities
  • PKI & Certificate Lifecycle Management
    • Lifecycle Automation: Own the end-to-end lifecycle (request, issuance, validation, deployment, renewal, and revocation) of all digital certificates, including SSL/TLS, SSH keys, and code-signing certificates. 
    • CA & Microsoft PKI Governance: Maintain, audit, and optimize internal and external Certificate Authorities (CAs) to ensure absolute compliance with global cryptographic standards and corporate security policies. Oversee the comprehensive management of Microsoft PKI, including Certificate Revocation Lists (CRL), Online Certificate Status Protocol (OCSP), WebCA deployment, and SCEP/NDES integration with Microsoft Intune. 
    • Certificate Management Environments: Operate and scale enterprise Certificate Management Environments to track, monitor, and remediate expiring or non-compliant certificates, successfully preventing operational outages. 
    • ACME Protocol Management: Comprehend the deep underpinnings of the ACME protocol, managing its associated configuration, deployment, and the secure revocation of the service. 
    • Hardware Security Module (HSM) Operations: Manage and maintain Luna Network HSM solutions. Direct key management operations within network HSM environments and demonstrate a firm understanding of HSM Partition functionality versus HSM Keyring functionality across High Availability (HA) and Cluster environments. 
  • Privileged Access Management (PAM)
    • Platform Governance & JIT Adoption: Manage and optimize core enterprise tier-1 PAM solutions. Drive the engineering adoption of Just-in-Time (JIT) provisioning, secure remote access, privilege containment, and zero-standing privilege workflows across the ecosystem. 
    • Identity Lifecycle Automation: Supervise privileged account onboarding/offboarding and birthright access roles, while utilizing discovery checklists to identify unmanaged credentials and third-party accounts. Collaborate with architecture teams to implement automated self-service capabilities via identity governance (e.g.: Saviynt) and IT service management platform integrations (e.g., ServiceNow). 
    • Secrets & Server owners/Application Owners: Secure the engineering footprint by enforcing automatic password rotation policies, defining practices for secure PowerShell scripting, and eliminating hardcoded or un-hashed system passwords across cloud workloads and containerized systems. Enforce password complexity rules and automated credential rotation immediately after use. 
    • Change Control & Infrastructure Maintenance: Act as the internal escalation point for platform engineering health alerts, platform monitoring anomalies, software patching, and major environment upgrades. Coordinate infrastructure changes with business stakeholders and the Change Advisory Board (CAB) using established systems of record. 
    • Audit, Compliance & SOC Integration: Configure session recording, isolation, and logging capabilities to provide a centralized view of privileged access. Utilize these detective controls to satisfy global governance frameworks (such as PCI-DSS v4.0 and SOX), regional compliance mandates (such as the China Cybersecurity Law), and operational root-cause analysis (RCA). Partner with the SOC to integrate PAM telemetry for enhanced tracking of malicious activity. 
  • DevSecOps & CI/CD Pipeline Integration
    • Secure Pipeline Injection: Collaborate tightly with the AppSec and DevOps teams to seamlessly inject automated certificate management, token management, and cryptographic vaulting natively into our software deployment pipelines (such as Azure DevOps or GitHub Actions). 

What You Need to Succeed
  • Education: Bachelor’s degree in Computer Science, Information Systems, Information Security, or a related field. 
  • Experience: 5+ years in software infrastructure, network security, or application security development, with 3–5 years of dedicated hands-on experience focused on Identity and Access Management (IAM), infrastructure security, or PKI ecosystems. 
  • Technical Expertise:
    • Cryptographic Standards: Strong core understanding of network security, cryptography, application security, and direct competency in the X.509 body of knowledge. 
    • Advanced PKI Administration: Proven experience managing Certificate Authorities, specifically Microsoft PKI infrastructures (CRL, OCSP, WebCA, and SCEP/NDES Intune integration). 
    • Protocols & Environments: Practical experience with Certificate Management Environments and deep technical familiarity with the ACME protocol underpinnings (configuration, deployment, and revocation). 
    • HSM Management: Hands-on experience with key management in network HSM, knowledge of  Luna Network HSM solutions and understanding HSM Partition vs. HSM Keyring functionality (HA vs. Cluster) is a plus.
    • PAM & Ecosystem Fluency: Deep foundational knowledge of major tier-1 enterprise PAM tool architectures (such as CyberArk, BeyondTrust, or equivalent enterprise-grade solutions) and an understanding of secrets vaulting within modern cloud environments (AWS, Azure). Strong working familiarity with IT service management platforms (such as ServiceNow) and identity lifecycle governance integrations (such as SailPoint). 
    • Regional Compliance Knowledge: Solid awareness of China’s cybersecurity regulatory environment (such as the China Cybersecurity Law and Data Security Law) as it applies to data localization, encryption, and access controls. 
  • Skills:
    • Analytical Skills: Excellent analytical and problem-solving abilities to mitigate architectural risks, perform root-cause analysis on failing credentials, and troubleshoot cryptographic issues. 
    • Communication: Professional working proficiency in both Mandarin and English is required to effectively collaborate with local engineering teams and present initiatives to global security leadership. 
    • Certifications: Industry certifications (e.g., CISSP, CISM, CSSLP, CEH, or specialized vendor certifications) are a plus. 
Our Offer to You
  • Competitive compensation & benefit package
  • Possibility to work in an international environment with multicultural team
  • Interesting and challenging career in a successful leading global organization
  • Trainings and professional development
About Mettler Toledo
METTLER TOLEDO is a global leader in precision instruments and services. We are renowned for innovation and quality across laboratory, process analytics, industrial, product inspection, and retailing applications. Our sales and service network is one of the most extensive in the industry. Our products are sold in more than 140 countries, and we have a direct presence in approximately 40 countries. For more information, please visit www.mt.com.
Equal Opportunity Employment
We promote equal opportunity worldwide and value diversity in our teams in terms of business background, area of expertise, gender and ethnicity. For more information on our commitment to Sustainability, Diversity and Equal Opportunity please visit us here

Get to Know METTLER TOLEDO

Take a look at a “day in the life” of a METTLER TOLEDO employee. No matter where you work in this company, the team atmosphere comes through. METTLER TOLEDO may be precisely where you belong.

Let’s Connect

Join our Talent Community and receive personalized updates about our opportunities.

Sign Up

We are an equal opportunity employer and value diversity at our company. We give consideration for employment without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected classification. Learn your EEO rights as an applicant under the law.

METTLER TOLEDO endeavors to make www.mt.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at Contact Us EEO@mt.com.