As a leader in the identification and authentication industry, the Zetes People ID division has run and is still running several ID-related contracts on different continents and issued more than 40 million e-documents over the past 15 years. The Belgian eID, e-passport and driving license contracts are some of the most known contracts.
To support its future development, Zetes is looking for a PKI Administrator for ZetesConfidens
We have an opportunity for a PKI architect / administrator with a can-do attitude to work for ZetesConfidens.
The environment
ZetesConfidens provides so called Trust Services like digital signatures, timestamps, certificate issuance, smartcard issuance, etc. for the private sector and for government customers.
Our team is based in two locations in the periphery of Brussels (Haren-Brussel and Ruisbroek), both located close to the ringway and to train stations (resp. a 2 minutes and 12 minutes' walk to the office).
You work in a small and experienced team in close collaboration with SysAdmin and DevOps colleagues. On occasion you will work on joint projects with our team of developers and with the development team at division level.
IMPORTANT - Security Clearance
Candidates must be eligible to a security clearance from the Belgian State Security office. It is recommended that you either have the Belgian nationality or the nationality of a EU/NATO member state and/or have lived several years in Belgium.
The function as we see it now
- You design the PKI architecture and define the roadmap for the PKI components.
- You define the key management policy and certificate management policy
- You organize and execute activities like:
- Key ceremonies
- Configuration and initialisation of new PKI components or systems
- Audits, remediation and follow-up of recommendations
- Update and improve existing procedures
- You co-author certification practice statements, certificate policies, timestamp policies, etc.
- Your responsibilities for PKI management include:
- Day to day administration of the PKI infrastructure including CA and VA, HSM, backup media, timestamping infrastructure, etc.
- Perform exceptional tasks such as manual Certificate Enrolment, Certificate Revocation, etc.
- Define and describe the CA hierarchy, PKI architecture, configurations, etc.
- Define and describe the lifecycles for all managed objects such as certificates, keys, CRLs, etc.
- Provide support of certificate services projects and operation support
- Prepare and document configuration scripts
- Install, configure and maintain the operational environment
- Configuration of the PKI application software
- Maintain a test environment and test all critical procedures on this test environment
- Select smartcards and HSMs (e.g. smartcards for digital signature, HSM for server side signing)
- Your responsibilities for system maintenance and documentation:
- Troubleshooting and problem solving
- Maintain the integrity and security of servers and HSMs
- Maintain system documentation
- Define and (for specific purposes) implement or assist with the implementation of monitoring tools, specifically related to monitoring performance and availability for SLA for public services (CRL publication, Web site, OCSP responder, certificate & revocation request handling, etc.)
- For the PKI equipment you do preventive maintenance and tests; following manufacturer's instructions; troubleshooting malfunctions; calling for repairs; maintaining equipment inventories; evaluating new equipment and techniques.
- Monitoring of PKI related Key Performance Indicators, analysis and reporting of incidents, follow technology trends
- Make recommendations to purchase Hardware and software, coordinates installation and provides backup recovery
- Your responsibilities for integration and deployment:
- Deploy the core PKI software components and the HSMs in close collaboration with the system administration team
- Define and describe the interfaces and protocols for integration of the core PKI components with external systems for card personalisation , card management and certificate management
- Create customized tools / software / scripts for highly specialised PKI-specific tasks
- Coordinate the installation and maintenance of the PKI systems
Requirements and Skills
- Bachelor degree or master degree
- Several years' experience with PKI
- Experience in in Security Management is a plus
- General understanding of ICT
- Good analytical skills
- You can handle complex information and are able to describe ICT environments, write functional descriptions, procedures, reports, etc.
- You have attention to detail
- Experience with a combination of the following:
- Public Key Infrastructure (Internal and Internet)
- 509 Digital Certificate Management
- Hardware Security Modules
- Key Management
- Cryptography Algorithms
- TLS, XAdES, PAdES
- Nice to Have:
- Experience with scripting languages, i.e. Shell Script, Python, Perl, PowerShell, Bash...
- SysAdmin experience with Linux or Windows
Language skills
- Our internal working language is English
- For contacts with colleagues a good understanding of Dutch and French is beneficial
- Other European languages are a bonus
The offer you can't refuse
- Work within a dynamic experienced team with large-scale projects
- A lot of fun and challenges
- A high level of autonomy and responsibility with adaptable and flexible spirit
- Unquestionable ethics, integrity and judgment
- A full-time job mainly in the zetes office in 1601 Ruisbroek (Flemish Brabant)
- Flexible working hours
- Continuous learning in the market of People-ID
- Attending relevant seminars and specific training courses
- A very attractive remuneration package and bonus plan in-line with your experience
- Company car
- Additionally an extensive benefit and compensation plan including multiple insurance plans.
Are you triggered by this unique fascinating and challeging opportunity ?
Please send your application letter and CV via the button below.
