Lead Engineer - Digital Certificate Services

At EY, we are committed to shaping your future with confidence. Join us and become part of a diverse team, empowered to take your career in any direction you want. At EY, we aim to build a better working world together. The opportunity The Digital Certificates Technology Service (DCTS) team, part of the Information Security organization at EY, is dedicated to engineering, developing, and maintaining digital certificate security solutions and encryption technologies for our global firm. As the Public Key Infrastructure (PKI) Engineering Lead, you will enhance IT security and productivity by creating and managing digital certificates for our global infrastructure. You will lead complex engineering design, development, and implementation tasks, ensuring full certificate lifecycle management for Transport Layer Security (TLS), Code Signing, User and Device Authentication, and Email Encryption. Our deployed services utilize various technologies, including Microsoft’s PKI, Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), KeyFactor Command, Venafi Trust Protection Platform, Intune Certificate Connector, and JAMF ADCS. In this role, you will oversee a team dedicated to engineering solutions and manage activities delivered by your team. You will serve as a key intermediary among business stakeholders, solution architects, and IT operations to guarantee that deployed services meet security, functional, and operational requirements while maintaining high service uptime. Your key responsibilities Serve as the primary point of contact for strategy and best practices in engineering and design execution for new features or modifications to existing DCT services. Manage technical delivery for projects and services, collaborating with business stakeholders, executives, and project teams to ensure successful outcomes. Direct engineering efforts to support scalability, supportability, production design, validation testing, and service continuity. Act as a product owner for deployed services, managing vendor technologies and infrastructure components while developing and maintaining product roadmaps. Assist in the definition, design, and deployment of enterprise PKI systems to enhance business services. Oversee maintenance of existing deployed service components, including upgrades and issue resolution. Manage the configuration of PKI systems and execute test plans for production readiness. Create and maintain comprehensive system documentation. Ensure PKI systems comply with security policies, standards, and best practices. Lead and mentor your direct reports, aligning responsibilities and objectives to enhance their performance and career development. Skills and attributes for success Exceptional problem-solving abilities. Excellent verbal and written communication skills for global collaboration. Current knowledge of technologies and standards, particularly in PKI/PKE. Strong foundation in IT security principles and secure coding techniques. Effective team leadership and resource management. Extensive experience with Public Key Infrastructure (PKI). Familiarity with CyberArk/Venafi certificate management suite. Experience with Code Signing processes. Proficient with Hardware Security Modules (HSM) technology (SafeNet/nCipher). PowerShell scripting skills and understanding of REST APIs. Experience in cloud-based PKI management with Azure or AWS. To qualify for the role, you must have Education Bachelor's or master's degree in information assurance, computer science, information systems, or a related field. Experience: 12+ years of practical IT experience. 8+ years specifically in Information Security. 6+ years of hands-on PKI engineering experience. What we offer you The compensation range for this role reflects our commitment to equitable pay. The base salary for this position across the US is between $128,100 and $239,600, with variations for the New York City Metro Area, Washington State, and California (excluding Sacramento). Salary determinations will consider factors like education, experience, skills, and location. Our Total Rewards package also includes medical and dental coverage, pension and 401(k) plans, and various paid time off options. Experience our hybrid work model, where client-facing employees typically work together in person 40-60% of the time throughout projects. Enjoy a flexible vacation policy, allowing you to determine how much time off you need, along with designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care leave, and other support options for your well-being. Are you ready to shape your future with confidence? Apply today. EY accepts applications on an ongoing basis. We prioritize ethical standards and integrity at EY and expect all candidates to uphold these values. EY | Building a better working world Join us in our mission to create value for clients, society, and the planet while fostering trust in financial markets. Our teams leverage data, AI, and advanced technology to address today's and tomorrow's challenges across assurance, consulting, tax, strategy, and transactions. EY operates in over 150 countries and territories, supported by diverse insights and multidisciplinary networks. We are an equal opportunity employer and welcome applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals, including veterans with disabilities. If you need assistance with the application process or require accommodations during any stage, please reach out to our Talent Shared Services Team.

Created: 2026-03-10