Staff Enterprise Technology Engineer- Certificate Management

A cross-functional team of security engineers, IAM specialists, DevOps professionals, and platform architects who are passionate about building secure and scalable identity infrastructure. Collaborating with collaborators across cloud, application, and compliance teams, you'll help craft the future of machine identity and certificate lifecycle management. Our culture values deep technical curiosity, automation-first thinking, and proactive problem-solving. You’ll be empowered to drive innovation in cryptography, influence enterprise security strategy, and contribute to a critically important platform that underpins digital trust across the organization.

Join us to improve our digital trust as our Staff Enterprise Technology Engineer for Certificate Management. You'll build and evolve the critical foundation on which our entire digital ecosystem depends—the cornerstone authentication platform that enables all other services to operate securely. Blending deep security expertise with strategic vision, you'll transform our identity infrastructure from traditional PKI to quantum-resistant solutions while ensuring enterprise-wide resilience.

As a key member of this team, you will be a guardian of this operationally critical platform. You'll engineer a multifaceted platform that continuously evolves while supporting innovation across all business functions. Working with senior leadership, you'll drive automation initiatives and establish security frameworks that safeguard our mission-critical applications. Craft the future of machine identity in the quantum age, knowing that your work forms the crucial bedrock of trust for everything we build.

• Ensure Secure & Reliable PKI Operations – Maintain and improve our internal Certificate Authorities (CAs), ensuring high availability, security, and compliance.
• Automate Certificate Management – Implement self-service workflows for certificate issuance, renewal, and revocation using Terraform, Ansible, and CI/CD pipelines.
• Enable Zero Trust & IAM Security – Integrate certificate-based authentication across VPNs, smart cards, SPIFFE/SPIRE, and workload identities.
• Optimize TLS & mTLS Implementations – Secure web servers, service mesh environments (Istio, Linkerd), and machine-to-machine communications.
• Enhance Security & Compliance – Align PKI operations with NIST, ISO 27001, SOC 2, GDPR, and PCI-DSS frameworks.
• Support Multi-Cloud & Hybrid Environments – Implement certificate governance across Azure Key Vault, AWS ACM.
• Solve & Improve Resilience – Address TLS handshake issues, certificate expiration risks, and automation gaps to ensure flawless security.
• Drive Future-Proofing Initiatives – Plan for post-quantum cryptography, hybrid certificates, and sophisticated identity security trends.

• Bachelor’s degree or equivalent experience in technology, Engineering, or a related field.
• Strong PKI expertise – X.509, TLS/SSL, OCSP, CRL, ADCS, and Entra ID Certificate Management.
• Knowledge of Zero Trust & IAM – workload identity, SPIFFE/SPIRE etc.
• Understanding of Infrastructure as Code (IaC) & Automation – Terraform, Ansible, CloudFormation, Kubernetes etc.
• Multi-cloud security knowledge – AWS ACM, Azure Key Vault etc.
• Solving expertise – TLS handshake issues, certificate clarity logs etc.

We expect all engineers in our organization to align with the following principles:

• Problem-Solving & Innovation – You proactively find solutions, solve issues, and improve security processes.
• Automation & Scalability – You embrace Infrastructure-as-Code and self-service automation for efficient PKI management.
• Security-First Approach – You ensure security is embedded at every stage, aligning with Zero Trust principles.
• Teamwork & Communication – You work closely with security, IAM, DevOps, and platform teams to drive adoption.
• Continuous Learning & Adaptability – You stay updated on cryptographic advancements, emerging IAM standards, and security best practices.
• Operational Excellence – You build high-availability, resilient, and scalable certificate infrastructures with monitoring and auditing.

• Deep PKI Expertise: Proven experience leading enterprise-grade certificate infrastructures, including X.509, ADCS, OCSP, CRLs, and integrating certificate-based authentication across systems and workloads.
• Automation & IaC Leadership: Strong ability to automate certificate lifecycle management using tools like Terraform, Ansible, and CI/CD pipelines, enabling secure and scalable operations.
• Future-Ready Security Attitude: Forward-thinking approach to cryptography, with knowledge of post-quantum trends, hybrid certs, and evolving machine identity standards (e.g., SPIFFE/SPIRE).

Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas in the nations where we operate. We are one of the few companies globally that can provide governments and customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner!

bp offers a vibrant, collaborative work culture in a company that closely follows its values of ‘Who We Are’. We are dedicated to developing your career and reward our people with a competitive package coupled with benefits that reflect these values.

• Generous salary package including an annual bonus program and individual performance-based incentives.
• Additional EPF contributions totaling 15%.
• Excellent work-life balance & flexible working arrangements (hybrid 60/40 in-office)
• Collaborative environment that celebrates achievements, diversity, and culture
• Ongoing career development and progression opportunities in a global organization
• 12 weeks paid parental leave (4 weeks partner leave).

Travel Requirement: No travel is expected with this role.

Relocation Assistance: This role is not eligible for relocation.

Remote Type: This position is a hybrid of office/remote working.

Legal Disclaimer: We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us. If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.