Sr Specialist Cybersecurity - Digital Certificate Management @ ATT Communication

About the Company:
Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won t just imagine the future-you ll create it.

About the Job:
We are seeking a highly experienced Senior Specialist in Digital Certificate Management Operations to join our Cybersecurity team. The ideal candidate will have deep functional and operational expertise in the Public Key Infrastructure (PKI), cryptography, and certificate lifecycle management to ensure the secure issuance, renewal, revocation, and overall management of digital certificates across the enterprise. This role will collaborate with developers, network engineers, and security teams to maintain a robust and compliant certificate ecosystem that supports secure communications and data protection. This role will have hands-on experience with relevant tools and compliance frameworks.
Experience Level: 8+ years.
Location: Hyderabad / Bengaluru
Responsibilities Include:
Manage certificate lifecycle operations including issuance, renewal, revocation, and cross-certification within complex CA hierarchies.
Enforce cryptographic key management policies including key generation, escrow, rotation, and destruction
Monitor certificate status and proactively address expirations to prevent service disruptions.
Troubleshoot and resolve certificate-related issues across multiple platforms and applications.
Automate certificate management processes using scripting languages and certificate management tools.
Maintain accurate documentation of certificate inventories, configurations, and operational procedures.
Collaborate closely with developers, security teams, network administrators, and other stakeholders to ensure secure and compliant certificate deployments.
Ensure compliance with PKI best practices, industry standards, and regulatory requirements.
Establish monitoring and alerting mechanisms for certificate expiration and operational health.
Participate in periodic reviews / checks and respond to certificate management-related queries.
Stay current with emerging trends, threats, and technologies in digital certificate management.
Support incident response efforts related to certificate compromise or misuse.
Lead PKI-related operations, mentor junior team members, and facilitate cross-team collaboration with security, DevOps, and infrastructure groups.
Produce comprehensive documentation and communicate complex technical concepts clearly to diverse stakeholders.
Provide training and support to internal teams on certificate best practices.
Attention to detail is crucial
Should be flexible to provide coverage in US morning hours
Should be flexible with shifts and supporting on weekends

Required skills:
Overall - At least 8+ years of experience in performing Digital Certificate Management Operations including:

1. Core PKI & Security Skills
Advanced understanding of X.509 certificates, CRLs, OCSP, and complex CA hierarchies (root, intermediate, issuing).
Expertise in certificate lifecycle management at scale, cross-certification, and trust model architectures.
Strong cryptographic knowledge including symmetric/asymmetric encryption, digital signatures, and hashing algorithms.
Proven experience with key management policies covering generation, escrow, rotation, and secure destruction.
Demonstrated ability to lead complex PKI operations and guide junior team members.
Excellent collaboration skills working with security, DevOps, infrastructure, and application teams.
Operationalize secure PKI systems integrated with IAM, SSO, MFA, and compliant with standards such as NIST, FIPS 140-2, and ISO 27001.
In-depth knowledge of networking protocols relevant to certificate distribution and validation: SSH, TLS/SSL, HTTPS, S/MIME, IPsec, VPNs, DNS, LDAP, HTTP.
Proven experience leveraging automation for certificate lifecycle management using scripting tools like PowerShell and Python
2. Tools & Technologies:
Hands-on experience with OpenSSL, Keytool, Certutil.
Familiarity with Microsoft AD CS, KeyFactor, Venafi, HashiCorp Vault, and EJBCA.
Experience managing Hardware Security Modules (HSMs) such as Thales and SafeNet.
ACME protocol for automated certificate lifecycle management
3. Monitoring, Logging and Compliance:
Lead and Operationalize certificate expiration monitoring and alerting systems to prevent outages.
Maintain thorough logging and auditing of all certificate operations for security and compliance purposes.
Proven ability to troubleshoot complex certificate-related issues across diverse platforms.
Strong documentation skills to support audit readiness and operational transparency.
4. Automation
Python with libraries like cryptography, pyOpenSSL, requests, subprocess for PKI automation and API integration.
PowerShell for Windows PKI environments (e.g., AD CS).
Bash scripting for Linux-based PKI tools and OpenSSL automation.
Java for working with PKI tools such as EJBCA and integrations like HashiCorp Vault.
Other automation tools: Ansible, Terraform, and CI/CD systems (GitHub Actions, Jenkins).
RESTful API integrations for DigiCert, HashiCorp Vault, and ACME protocol platforms.
Desirable skills:
Bachelors or masters degree in computer science, mathematics, information systems, engineering, or cybersecurity.
Industry certifications such as CEH, CISSP, SANS and/or other relevant certifications
Ability to prioritize individual/group work in a high-stress and time-bound environment
Excellent communication, problem-solving, and analytical skills.
Ability to work independently and as part of a team.

Additional information (if any):
Should be flexible to provide coverage in US morning hours
Should be flexible with shifts and supporting on weekends

#Cybersecurity

Location: