22587-Cybersecurity Infrastructure Specialist
Ubicación Changzhou, Jiangsu Sheng, China Fecha de publicación 07 julio 2026 ID de la oferta 22587- PKI & Certificate Lifecycle Management
- Lifecycle Automation: Own the end-to-end lifecycle (request, issuance, validation, deployment, renewal, and revocation) of all digital certificates, including SSL/TLS, SSH keys, and code-signing certificates.
- CA & Microsoft PKI Governance: Maintain, audit, and optimize internal and external Certificate Authorities (CAs) to ensure absolute compliance with global cryptographic standards and corporate security policies. Oversee the comprehensive management of Microsoft PKI, including Certificate Revocation Lists (CRL), Online Certificate Status Protocol (OCSP), WebCA deployment, and SCEP/NDES integration with Microsoft Intune.
- Certificate Management Environments: Operate and scale enterprise Certificate Management Environments to track, monitor, and remediate expiring or non-compliant certificates, successfully preventing operational outages.
- ACME Protocol Management: Comprehend the deep underpinnings of the ACME protocol, managing its associated configuration, deployment, and the secure revocation of the service.
- Hardware Security Module (HSM) Operations: Manage and maintain Luna Network HSM solutions. Direct key management operations within network HSM environments and demonstrate a firm understanding of HSM Partition functionality versus HSM Keyring functionality across High Availability (HA) and Cluster environments.
- Privileged Access Management (PAM)
- Platform Governance & JIT Adoption: Manage and optimize core enterprise tier-1 PAM solutions. Drive the engineering adoption of Just-in-Time (JIT) provisioning, secure remote access, privilege containment, and zero-standing privilege workflows across the ecosystem.
- Identity Lifecycle Automation: Supervise privileged account onboarding/offboarding and birthright access roles, while utilizing discovery checklists to identify unmanaged credentials and third-party accounts. Collaborate with architecture teams to implement automated self-service capabilities via identity governance (e.g.: Saviynt) and IT service management platform integrations (e.g., ServiceNow).
- Secrets & Server owners/Application Owners: Secure the engineering footprint by enforcing automatic password rotation policies, defining practices for secure PowerShell scripting, and eliminating hardcoded or un-hashed system passwords across cloud workloads and containerized systems. Enforce password complexity rules and automated credential rotation immediately after use.
- Change Control & Infrastructure Maintenance: Act as the internal escalation point for platform engineering health alerts, platform monitoring anomalies, software patching, and major environment upgrades. Coordinate infrastructure changes with business stakeholders and the Change Advisory Board (CAB) using established systems of record.
- Audit, Compliance & SOC Integration: Configure session recording, isolation, and logging capabilities to provide a centralized view of privileged access. Utilize these detective controls to satisfy global governance frameworks (such as PCI-DSS v4.0 and SOX), regional compliance mandates (such as the China Cybersecurity Law), and operational root-cause analysis (RCA). Partner with the SOC to integrate PAM telemetry for enhanced tracking of malicious activity.
- DevSecOps & CI/CD Pipeline Integration
- Secure Pipeline Injection: Collaborate tightly with the AppSec and DevOps teams to seamlessly inject automated certificate management, token management, and cryptographic vaulting natively into our software deployment pipelines (such as Azure DevOps or GitHub Actions).
- Education: Bachelor’s degree in Computer Science, Information Systems, Information Security, or a related field.
- Experience: 5+ years in software infrastructure, network security, or application security development, with 3–5 years of dedicated hands-on experience focused on Identity and Access Management (IAM), infrastructure security, or PKI ecosystems.
- Technical Expertise:
- Cryptographic Standards: Strong core understanding of network security, cryptography, application security, and direct competency in the X.509 body of knowledge.
- Advanced PKI Administration: Proven experience managing Certificate Authorities, specifically Microsoft PKI infrastructures (CRL, OCSP, WebCA, and SCEP/NDES Intune integration).
- Protocols & Environments: Practical experience with Certificate Management Environments and deep technical familiarity with the ACME protocol underpinnings (configuration, deployment, and revocation).
- HSM Management: Hands-on experience with key management in network HSM, knowledge of Luna Network HSM solutions and understanding HSM Partition vs. HSM Keyring functionality (HA vs. Cluster) is a plus.
- PAM & Ecosystem Fluency: Deep foundational knowledge of major tier-1 enterprise PAM tool architectures (such as CyberArk, BeyondTrust, or equivalent enterprise-grade solutions) and an understanding of secrets vaulting within modern cloud environments (AWS, Azure). Strong working familiarity with IT service management platforms (such as ServiceNow) and identity lifecycle governance integrations (such as SailPoint).
- Regional Compliance Knowledge: Solid awareness of China’s cybersecurity regulatory environment (such as the China Cybersecurity Law and Data Security Law) as it applies to data localization, encryption, and access controls.
- Skills:
- Analytical Skills: Excellent analytical and problem-solving abilities to mitigate architectural risks, perform root-cause analysis on failing credentials, and troubleshoot cryptographic issues.
- Communication: Professional working proficiency in both Mandarin and English is required to effectively collaborate with local engineering teams and present initiatives to global security leadership.
- Certifications: Industry certifications (e.g., CISSP, CISM, CSSLP, CEH, or specialized vendor certifications) are a plus.
- Competitive compensation & benefit package
- Possibility to work in an international environment with multicultural team
- Interesting and challenging career in a successful leading global organization
- Trainings and professional development
Conoce METTLER TOLEDO
Echa un vistazo a “un día en METTLER TOLEDO”. No importa dónde trabajes en esta empresa, el ambiente de equipo se manifiesta. METTLER TOLEDO puede ser precisamente el lugar al que perteneces.
-
- 21839-Project Manager Changzhou, China 04/28/2026
-
Saved Jobs
Conectémonos
Únete a nuestra Comunidad de Talentos y recibe actualizaciones personalizadas sobre nuestras oportunidades.
Somos una empresa que ofrece igualdad de oportunidades y valoramos la diversidad en nuestra empresa. Damos consideración para el empleo sin distinción de raza, color, religión, sexo, edad, origen nacional, discapacidad, orientación sexual, identidad de género, información genética, estado de veterano protegido o cualquier otra clasificación protegida. Conoce Tus derechos de EEO como solicitante según la ley.
METTLER TOLEDO se esfuerza por hacer que www.mt.com sea accesible para todos y cada uno de los usuarios. Si deseas ponerse en contacto con nosotros en relación con la accesibilidad de nuestro sitio web o necesitas ayuda para completar el proceso de solicitud, ponte en contacto con nosotros en esta dirección de correo electrónico EEO@mt.com.