Platform Security Engineer - PKI & Cryptography

We are looking for a highly skilled Platform Security Engineer with strong expertise in Public Key Infrastructure (PKI), Digital Certificates, Hardware Security Modules (HSMs), and Cryptography to join our growing Platform Security team. The successful candidate will play a key role in designing, implementing, and managing security services that underpin our enterprise infrastructure and applications, ensuring trust, integrity, and compliance across our platforms.

• Design, deploy, and manage PKI services, including root and subordinate Certificate Authorities (CAs)
• Oversee the lifecycle of digital certificates (issuance, renewal, revocation, automation) managing the CLM solution of the Group
• Administer and maintain Hardware Security Modules (HSMs), ensuring secure key storage and operations
• Support the management of cryptographic solutions (symmetric/asymmetric encryption, key management, signing, hashing)
• Collaborate with IT, DevOps, and application teams to integrate certificate and cryptography services into enterprise platforms and applications
• Define, enforce, and monitor compliance with internal security standards, industry best practices, and regulatory requirements (e.g., DORA, eIDAS, NIST, ISO 27001)
• Support audits and security assessments by providing evidence, documentation, and subject matter expertise
• Troubleshoot PKI, certificate, and cryptographic issues across multiple environments
• Research and evaluate emerging cryptographic technologies, standards, and trends
• Develop automation scripts and workflows to streamline PKI and certificate management

Our ideal candidate will meet the following requirements:

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent professional experience)
• Proven experience with PKI design, deployment, and operations in enterprise environments
• Hands‑on expertise with digital certificates management (SSL/TLS, client authentication, code signing, device certificates)
• Experience with HSM administration and key management best practices
• Strong knowledge of cryptography principles (RSA, ECC, AES, SHA, TLS protocols, key exchange mechanisms)
• Familiarity with automation and scripting (e.g., PowerShell, Python, Bash) for certificate lifecycle management
• Solid understanding of security frameworks and compliance standards (DORA, NIST, ISO, PCI DSS, eIDAS)
• Strong troubleshooting, problem‑solving, and analytical skills
• Excellent communication skills and ability to work collaboratively across teams

• Experience with cloud‑native PKI and certificate management services
• Proficient in SecOps and DevSecOps, integrating cryptographic services into security monitoring, incident response, and CI/CD pipelines, including PKI, certificate management, and cryptographic controls
• Knowledge of DevOps and CI/CD environments with certificate automation (e.g., HashiCorp Vault, cert‑manager, ACME/Let’s Encrypt)
• Certifications such as CISSP, CISM, CCSP, Microsoft Certified: Security, Compliance, and Identity, or vendor‑specific PKI/HSM certifications
• Familiarity with zero trust architectures and secure identity management

Generali is a major player in the global insurance industry – a strategic and highly important sector for the growth, development and welfare of modern societies. Over almost 200 years, we have built a multinational Group that is present in more than 60 countries, with 470 companies and nearly 80,000 employees. GOSP – Generali Operations Service Platform is a joint‑venture between Generali and Accenture and provides IT and Procurement services to Generali Group companies. Our purpose is to accelerate the Group's innovation and digitization strategy through the Cloud and shared platforms. Based in Italy it has 6 branches across Europe and employs about 1,200 people.