PKI Architect - Identity & Access Management

Overview This role sits within PepsiCo's Global Identity and Access Management (IAM) team and focuses on PKI engineering and operational initiatives that support the company's global digital certificate, cryptography, non-human identity (NHI) management, and encryption requirements. The individual will have end-to-end ownership of enterprise PKI platforms, including Microsoft Active Directory Certificate Services (AD CS), public certificate authorities (such as DigiCert), and certificate lifecycle management solutions. This is a hands-on role responsible for the design, installation, configuration, and ongoing operation of PKI services across global environments. The role supports both strategic engineering initiatives and day-to-day PKI operations, serving as the internal subject matter expert for certificate-based trust, automation, and lifecycle management. This position is based at PepsiCo's FLNA headquarters in Plano, TX. ResponsibilitiesEngineering and solutioning PKI design and cross functional integrations Assisting users on submitting SSL certificate requests Managing and driving NHI discovery and management Working on Incidents, alerts, service requests in ITSM Issuing and managing both Internal and external CA certificates using cert management tool Assisting users to download the certificate from cert management tool Domain management for issuing external (Entrust) SSL certificates. Provisioning (pushing SSL certificates into server) of SSL certificates to AWS, Java JKS and Windows servers Provide support on installation of SSL certificates in Windows IIS, JAVA JKS, Unix/Linux, Apache, Tomcat, Azure Key vault, AWS ALB/ELB, F5's etc. Provide support on generating a CSR or converting certificate formats using open SSL Maintaining data and sending follow up emails on certificates expiry, before they get expired, to avoid warnings and outages Preparing and presenting weekly and monthly reports on Service requests, Incidents, and alerts Follow up with users for closure of pending tickets. Providing end to end operational support to internal customers. Managing certificate and key ownership data and keeping it up to date Working Knowledge of ITSM process (Request management, change management, Incident management) on tools such as SNOW Configuring and managing ADCS, CRL and OCSP Services Document all key generation and management activities Creating and maintaining CPS, architecture, Process and Run book documents Communicate progress, findings, and ensure successful handoff of deliverables to program and operational teams Provide detailed project Status to stakeholders Collect feedback from stakeholders and users of security capabilities and incorporate that feedback into service Compensation and Benefits: The expected compensation range for this position is between $93,500 - $156,450. Location, confirmed job-related skills, experience, and education will be considered in setting actual starting salary. Your recruiter can share more about the specific salary range during the hiring process. Bonus based on performance and eligibility target payout is 10% of annual salary paid out annually. Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement. In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan. QualificationsMinimum Qualifications: Bachelor's degree in technology or engineering 12 plus years of overall IT and security experience 10 plus of experience of PKI, Cryptography/ Encryption technologies, NHI management and EKCLM Proficient in PowerShell scripting, API development and integration Good working knowledge of various cloud platforms (Azure, AWS) focused on deployment and integration Skilled at collaborating across cross-functional teams and with a multicultural experience Teamwork and Leadership/Coaching capabilities Mandatory Skills: Good working knowledge of cryptographic and modern auth protocols Well versed with Certificate based authentication and device trust In depth knowledge of Active Directory Certificate Services (AD CS) In depth knowledge of CRL and OCSP and their functionality Familiarity with PKI and cryptographic terminology and management Knowledge of CLM tool such as Venafi, AppviewX, Keyfactor added advantage Hands on experience and Working knowledge of Thales HSM Hands on experience and working knowledge of public CA Good working knowledge of cloud platforms (Azure and AWS) and SaaS offerings for PKI and EKCLM Knowledge of Active Directory domain service Knowledge of scripting languages such as PowerShell, API based automation Knowledge of ITSM processes like request, incident, change management etc. Mandatory non tech skills: Ability to work as a team player and support cross functional teams Results-oriented, able to complete assignments in a timely and accurate manner, and manage multiple priorities Adaptable to multi-cultural environment and ways of working across time zones Strong oral and written communications skills Ability to work within project timelines Deliver outcomes with a little supervision, must be a self-starter and self-motivator Proactive approach and enthusiasm for problem identification and solving Ability to think strategically and suggest creative solutions Ability to synthesize complex requirements into simple business practices Flexible and able to adapt to changing priorities > Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901-4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity / Age. If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy. Please view our Pay Transparency Statement

Created: 2026-03-10