PKI Engineer - Identity & Access Management

Overview Join PepsiCo's dynamic Global Identity and Access Management (IAM) team as a PKI Engineer. In this pivotal role, you will lead the engineering and operational initiatives that underpin our global digital certificate, cryptography, non-human identity (NHI) management, and encryption needs. You will take full ownership of our enterprise PKI platforms, such as Microsoft Active Directory Certificate Services (AD CS) and public certificate authorities like DigiCert. This hands-on position will involve designing, installing, configuring, and operating PKI services across various global environments, becoming the subject matter expert in certificate-based trust, automation, and lifecycle management. This position is based at PepsiCo's FLNA headquarters in Plano, TX. Responsibilities Design and engineer robust PKI solutions while ensuring smooth integration across functions. Support users with the submission of SSL certificate requests. Drive and manage NHI discovery and management initiatives. Handle incidents, alerts, and service requests in ITSM. Issue and manage both Internal and external CA certificates utilizing certificate management tools. Assist users in retrieving certificates from the management tool. Manage domains for issuing external (Entrust) SSL certificates. Facilitate SSL certificate provisioning to AWS, Java JKS, and Windows servers. Provide installation support for SSL certificates across various platforms including Windows IIS, Java JKS, Unix/Linux, Apache, Tomcat, Azure Key Vault, AWS ALB/ELB, and F5. Assist in generating CSRs and converting certificate formats using OpenSSL. Maintain data regarding certificate expirations and send timely reminders to prevent service disruptions. Prepare and present weekly and monthly reports on service requests, incidents, and alerts. Follow up with users to ensure timely closure of pending tickets. Provide comprehensive operational support to internal customers. Keep certificate and key ownership data current. Understand and apply ITSM processes (Request management, Change management, Incident management) using tools like SNOW. Configure and manage ADCS, CRL, and OCSP Services. Document all key generation and management activities thoroughly. Create and maintain critical documentation including CPS, architecture, processes, and runbooks. Communicate project progress and findings, ensuring successful handoff to program and operational teams. Collect and incorporate stakeholder feedback to enhance security capabilities. Compensation and Benefits: The expected salary range for this role is $93,500 - $156,450. Actual starting salary will be based on your skills, experience, and education. Recruiters will provide details during the hiring process. Eligible candidates may receive a performance-based bonus of up to 10% of their annual salary. Enjoy paid time off, including parental leave, vacation, sick days, and bereavement leave. PepsiCo offers a comprehensive benefits package including medical, dental, vision, and retirement plans, along with employee assistance programs. Qualifications Bachelor's degree in technology or engineering. At least 12 years of overall IT and security experience. Over 10 years of experience with PKI, Cryptography/Encryption technologies, NHI management, and EKCLM. Proficient in PowerShell scripting, API development, and integration. Good working knowledge of various cloud platforms (Azure, AWS). Exceptional teamwork and leadership/coaching skills with experience in multicultural environments. Mandatory Skills: Strong understanding of cryptographic protocols and modern authentication. Well-versed in certificate-based authentication and device trust. Deep knowledge of Active Directory Certificate Services (AD CS). In-depth understanding of CRL and OCSP functionalities. Familiarity with PKI and cryptographic terminology and management. Experience with certificate lifecycle management tools such as Venafi, AppviewX, or Keyfactor is a plus. Hands-on experience with Thales HSM. Experience working with public Certificate Authorities. Good working knowledge of cloud services for PKI and EKCLM. Familiarity with Active Directory domain services. Experience with scripting languages like PowerShell and API-based automation. Knowledge of ITSM processes, including request, incident, and change management. Mandatory Non-Technical Skills: Ability to collaborate effectively as a team player. Results-oriented with the ability to complete tasks accurately and on time while managing multiple priorities. Adaptability to work in a multicultural environment and across different time zones. Excellent oral and written communication skills. Effective time management within project timelines. A self-starter who requires minimal supervision to deliver outcomes. A proactive and enthusiastic problem solver. Capability to think strategically and provide innovative solutions. Ability to simplify complex requirements into straightforward business practices. Flexibility to adapt to changing priorities.

Created: 2026-03-10