22587-Cybersecurity Infrastructure Specialist
위치 창저우 시, Jiangsu Sheng, 중국 등록일 2026년 7월 7일 공고 ID 22587Our Opening and Your Responsibilities
- PKI & Certificate Lifecycle Management
- Lifecycle Automation: Own the end-to-end lifecycle (request, issuance, validation, deployment, renewal, and revocation) of all digital certificates, including SSL/TLS, SSH keys, and code-signing certificates.
- CA & Microsoft PKI Governance: Maintain, audit, and optimize internal and external Certificate Authorities (CAs) to ensure absolute compliance with global cryptographic standards and corporate security policies. Oversee the comprehensive management of Microsoft PKI, including Certificate Revocation Lists (CRL), Online Certificate Status Protocol (OCSP), WebCA deployment, and SCEP/NDES integration with Microsoft Intune.
- Certificate Management Environments: Operate and scale enterprise Certificate Management Environments to track, monitor, and remediate expiring or non-compliant certificates, successfully preventing operational outages.
- ACME Protocol Management: Comprehend the deep underpinnings of the ACME protocol, managing its associated configuration, deployment, and the secure revocation of the service.
- Hardware Security Module (HSM) Operations: Manage and maintain Luna Network HSM solutions. Direct key management operations within network HSM environments and demonstrate a firm understanding of HSM Partition functionality versus HSM Keyring functionality across High Availability (HA) and Cluster environments.
- Privileged Access Management (PAM)
- Platform Governance & JIT Adoption: Manage and optimize core enterprise tier-1 PAM solutions. Drive the engineering adoption of Just-in-Time (JIT) provisioning, secure remote access, privilege containment, and zero-standing privilege workflows across the ecosystem.
- Identity Lifecycle Automation: Supervise privileged account onboarding/offboarding and birthright access roles, while utilizing discovery checklists to identify unmanaged credentials and third-party accounts. Collaborate with architecture teams to implement automated self-service capabilities via identity governance (e.g.: Saviynt) and IT service management platform integrations (e.g., ServiceNow).
- Secrets & Server owners/Application Owners: Secure the engineering footprint by enforcing automatic password rotation policies, defining practices for secure PowerShell scripting, and eliminating hardcoded or un-hashed system passwords across cloud workloads and containerized systems. Enforce password complexity rules and automated credential rotation immediately after use.
- Change Control & Infrastructure Maintenance: Act as the internal escalation point for platform engineering health alerts, platform monitoring anomalies, software patching, and major environment upgrades. Coordinate infrastructure changes with business stakeholders and the Change Advisory Board (CAB) using established systems of record.
- Audit, Compliance & SOC Integration: Configure session recording, isolation, and logging capabilities to provide a centralized view of privileged access. Utilize these detective controls to satisfy global governance frameworks (such as PCI-DSS v4.0 and SOX), regional compliance mandates (such as the China Cybersecurity Law), and operational root-cause analysis (RCA). Partner with the SOC to integrate PAM telemetry for enhanced tracking of malicious activity.
- DevSecOps & CI/CD Pipeline Integration
- Secure Pipeline Injection: Collaborate tightly with the AppSec and DevOps teams to seamlessly inject automated certificate management, token management, and cryptographic vaulting natively into our software deployment pipelines (such as Azure DevOps or GitHub Actions).
What You Need to Succeed
- Education: Bachelor’s degree in Computer Science, Information Systems, Information Security, or a related field.
- Experience: 5+ years in software infrastructure, network security, or application security development, with 3–5 years of dedicated hands-on experience focused on Identity and Access Management (IAM), infrastructure security, or PKI ecosystems.
- Technical Expertise:
- Cryptographic Standards: Strong core understanding of network security, cryptography, application security, and direct competency in the X.509 body of knowledge.
- Advanced PKI Administration: Proven experience managing Certificate Authorities, specifically Microsoft PKI infrastructures (CRL, OCSP, WebCA, and SCEP/NDES Intune integration).
- Protocols & Environments: Practical experience with Certificate Management Environments and deep technical familiarity with the ACME protocol underpinnings (configuration, deployment, and revocation).
- HSM Management: Hands-on experience with key management in network HSM, knowledge of Luna Network HSM solutions and understanding HSM Partition vs. HSM Keyring functionality (HA vs. Cluster) is a plus.
- PAM & Ecosystem Fluency: Deep foundational knowledge of major tier-1 enterprise PAM tool architectures (such as CyberArk, BeyondTrust, or equivalent enterprise-grade solutions) and an understanding of secrets vaulting within modern cloud environments (AWS, Azure). Strong working familiarity with IT service management platforms (such as ServiceNow) and identity lifecycle governance integrations (such as SailPoint).
- Regional Compliance Knowledge: Solid awareness of China’s cybersecurity regulatory environment (such as the China Cybersecurity Law and Data Security Law) as it applies to data localization, encryption, and access controls.
- Skills:
- Analytical Skills: Excellent analytical and problem-solving abilities to mitigate architectural risks, perform root-cause analysis on failing credentials, and troubleshoot cryptographic issues.
- Communication: Professional working proficiency in both Mandarin and English is required to effectively collaborate with local engineering teams and present initiatives to global security leadership.
- Certifications: Industry certifications (e.g., CISSP, CISM, CSSLP, CEH, or specialized vendor certifications) are a plus.
Our Offer to You
- Competitive compensation & benefit package
- Possibility to work in an international environment with multicultural team
- Interesting and challenging career in a successful leading global organization
- Trainings and professional development
About Mettler Toledo
METTLER TOLEDO is a global leader in precision instruments and services. We are renowned for innovation and quality across laboratory, process analytics, industrial, product inspection, and retailing applications. Our sales and service network is one of the most extensive in the industry. Our products are sold in more than 140 countries, and we have a direct presence in approximately 40 countries. For more information, please visit www.mt.com.
Equal Opportunity Employment
We promote equal opportunity worldwide and value diversity in our teams in terms of business background, area of expertise, gender and ethnicity. For more information on our commitment to Sustainability, Diversity and Equal Opportunity please visit us here
METTLER TOLEDO 알아보기
METTLER TOLEDO 직원의 “일상”을 살펴보십시오. 이 회사의 어디에서 일하든 팀 분위기는 그대로 유지됩니다. METTLER TOLEDO는 바로 귀하가 있어야 할 곳 일 수 있습니다.
-
- 21839-Project Manager 창저우 시, 중국 04/28/2026
-
Saved Jobs
Let's Connect
Talent Community에 가입하여 맞춤형 업데이트를 받으십시오.
우리는 기회 균등 고용주이며 회사의 다양성을 소중히 여깁니다. 우리는 인종, 피부색, 종교, 성별, 연령, 출신 국가, 장애, 성적 취향, 성 정체성, 유전 정보, 보호 대상 재향 군인 지위 또는 기타 보호 대상 분류에 관계없이 고용을 고려합니다. 법률에 따라 지원자로서 EEO 권리에 대해 알아보십시오.
METTLER TOLEDO는 모든 사용자가 www.mt.com을 이용할 수 있도록 노력하고 있습니다. 당사 웹사이트의 접근성과 관련하여 당사에 연락하거나 지원 절차를 완료하는 데 도움이 필요한 경우 연락처 EEO@mt.com 로 문의하십시오