Senior Consultant (CLM / PKI)

Key responsibilities include:

• Leading workshops to capture current-state certificate management processes, pain points, risks, stakeholders, and business requirements.
• Assessing the existing PKI and certificate landscape, including public and private CAs, internal/external certificates, TLS/SSL usage, certificate ownership, renewal processes, and expiry monitoring.
• Defining the target-state CLM operating model, including roles, responsibilities, governance, policy, lifecycle workflows, reporting, and automation opportunities.
• Creating tool-selection criteria and supporting the evaluation of CLM platforms against business, security, operational, and integration requirements.
• Supporting the selection of a CLM tool suitable for enterprise use, including discovery, inventory, monitoring, alerting, renewal, revocation, and reporting capabilities.
• Designing and executing a PoC for the selected CLM tool, including scope, test cases, success criteria, integration points, findings, and recommendations.
• Advising on certificate lifecycle stages, including issuance, deployment, monitoring, renewal, revocation, retirement, and private-key handling.
• Identifying automation opportunities for certificate enrolment, renewal, deployment, and revocation.
• Producing clear documentation, including assessment findings, requirements, tool scorecard, PoC plan, PoC results, risks, dependencies, and implementation roadmap.
• Working closely with DXC security, infrastructure, cloud, network, application, and service-management teams.

Required experience includes:

• Strong experience in Certificate Lifecycle Management, PKI, digital certificates, and enterprise security architecture.
• Practical knowledge of X.509 certificates, TLS/SSL, certificate chains, trust stores, root and issuing CAs, certificate policies, and key-management principles.
• Experience with enterprise PKI platforms and certificate services, such as Microsoft AD CS and/or comparable CA technologies.
• Experience with CLM or certificate management tools such as Venafi, Keyfactor, AppViewX, DigiCert, Sectigo, or similar platforms.
• Experience designing or supporting certificate discovery, inventory, monitoring, alerting, renewal, and reporting processes.
• Ability to define tool-selection frameworks, evaluation criteria, weighted scorecards, and PoC success measures.
• Understanding of enterprise infrastructure environments including Windows, Linux, web servers, load balancers, reverse proxies, cloud platforms, and network devices.
• Experience integrating certificate management with ITSM, CMDB, monitoring, SIEM, DevOps, cloud, and automation platforms.
• Strong stakeholder-management, consulting, workshop facilitation, and technical documentation skills.

Desirable experience includes:

• Experience with cloud certificate services such as AWS Certificate Manager, Azure Key Vault Certificates, or equivalent.
• Experience with Kubernetes certificates, ingress certificates, cert-manager, service mesh, or container-platform certificate automation.
• Knowledge of ACME, SCEP, EST, APIs, scripting, and automation using PowerShell, Python, shell scripting, or infrastructure-as-code.
• Experience in regulated, audited, or large enterprise environments.
• Knowledge of HSMs, private-key protection, code-signing certificates, device certificates, and machine identity management.
• Relevant certifications such as CISSP, CCSP, CISM, Microsoft security certifications, cloud security certifications, or vendor-specific PKI/CLM certifications.