Certificate Lifecycle Management (CLM) Engineer

Certificate Lifecycle Management (CLM) Engineer

Managing and automating the lifecycle of digital certificates to ensure secure, reliable, and compliant encryption infrastructure

Position Overview
We are seeking a knowledgeable Certificate Lifecycle Management Engineer to administer and optimize the deployment, renewal, revocation, and monitoring of digital certificates using certificate lifecycle management tools. The role is critical to maintaining enterprise security, supporting PKI infrastructures, and preventing service disruptions related to certificate expiry.

• Manage issuance, renewal, revocation, and replacement of digital certificates across enterprise environments
• Administer certificate lifecycle management tools such as Venafi, DigiCert CertCentral, Sectigo, or open-source alternatives
• Maintain integration of certificate management with applications, devices, and infrastructure components

• Develop and maintain automation workflows to streamline certificate requests, approvals, and renewals
• Monitor certificate health, expiration alerts, and compliance status across all managed certificates
• Respond to and resolve certificate-related incidents, outages, or misconfigurations promptly

• Implement and enforce certificate policies and standards in accordance with organizational security and compliance requirements
• Collaborate with security teams to align PKI and certificate management with broader cybersecurity strategies
• Conduct audits and reporting on certificate usage, expirations, and policy adherence

• Document certificate management processes, configurations, and operational guidelines
• Provide training and support to application teams, developers, and system administrators on certificate usage and best practices
• Keep abreast of industry trends, vulnerabilities, and advances in certificate management

• 6+ years experience managing digital certificates and PKI environments
• Hands-on experience with certificate lifecycle management tools (e.g., Venafi, DigiCert, Sectigo)
• Strong understanding of X.509 certificates, SSL/TLS protocols, and public key infrastructure (PKI) concepts
• Proficiency in scripting or automation tools for certificate issuance and renewal processes
• Familiarity with compliance standards related to encryption and certificate management

• Certifications in cybersecurity or PKI management
• Experience with integrating CLM tools into CI/CD pipelines and DevOps workflows
• Knowledge of cloud-based certificate services (AWS Certificate Manager, Azure Key Vault)
• Background in incident response and security monitoring for cryptographic assets