• IT Security Engineer III - Credential Hardening…

    ThermoFisher Scientific (Pittsburgh, PA)


    Work Schedule

     

    First Shift (Days)

     

    Environmental Conditions

     

    Office

    Job Description

    About the Role

     

    This position is with Thermo Fisher Scientific, an inclusive employer and a member of myGwork -- the largest global platform for the LGBTQ+ business community.

     

    At Thermo Fisher Scientific, you'll lead groundbreaking changes in our certificate management and credential hardening approaches worldwide, impacting over 100,000 colleagues.

    Position Overview

    In the role of Credential Hardening & Certificate Management Engineer, you will act as the primary SME and program leader for enterprise-wide secrets hardening and certificate lifecycle management initiatives. Operating with significant independence, you will function as an internal transformation consultant, identifying strategic points to enforce standard processes and promote cultural change around credential security. This position complements PAM initiatives and requires the capability to engineer tool-agnostic solutions in a dynamic technology landscape.

    Key Responsibilities

    Strategic Program Leadership

    + Lead credential hardening transformation initiatives across the organization, identifying and eliminating legacy practices that compromise security posture

    + Drive initiatives with the enterprise certificate lifecycle management program, establishing strategy, roadmaps, and success metrics aligned with quantum computing threats and industry trends

    + Act as the main subject matter expert for standard methodologies in managing secrets, automating certificate lifecycles, and securing credentials.

    + Develop strategic leverage points to drive organizational change and overcome resistance to security improvements

    + Engineer tool-agnostic flows that can adapt to changing technology landscapes and vendor transitions

    Transformation & Program Management

    + Function as an internal turnaround consultant for credential security practices, identifying systemic issues and crafting comprehensive remediation strategies

    + Challenge existing paradigms and "that's the way we do things" mentalities through data-driven analysis and strategic influence

    + Develop and implement strategies to increase adoption of standard methodologies across various business units

    + Complete and deliver credential hardening and certificate management investments

    + Design and implement cultural transformation initiatives that embed security-first thinking into operational processes

    Engineering & Automation

    + Implement automated certificate rotation systems to address shrinking certificate lifecycles driven by quantum computing threats, including migration to quantum-resistant algorithms

    + Engineer scalable certificate management efforts that integrate with existing infrastructure while maintaining vendor agnostic flexibility and with preference on agility for post-quantum transitions

    + Develop comprehensive secrets management frameworks that enforce least privilege, rotation, and audit requirements to strengthen credential workflows

    + Develop advanced monitoring and alerting systems for certificate expiration, rotation failures, compliance deviations, and quantum readiness assessments

    + Design integration strategies between certificate management, PAM initiatives, and broader security infrastructure with quantum threat in mind

    Cross-Functional Leadership & Influence

    + Lead cross-functional efforts in implementing credential and certificate security improvements by seeing the work and helping the organization achieve clarity on where it is to head

    + Represent certificate management initiatives in enterprise engineering, security governance, and compliance committees

    + Collaborate with PAM teams to ensure complementary and multi-layered security strategies

    + Foster agreement among collaborators with competing priorities and establish unified approaches to credential security

    + Mentor and train technical teams on credential management standard methodologies and emerging threats

    Secrets Threat Mitigation & Risk Management

    + Develop and implement quantum readiness assessments for existing certificate and credential infrastructure, identifying vulnerable cryptographic implementations

    + Develop transition plans for post-quantum cryptography with migration strategies based on timing and risk prioritization

    + Implement and drive understanding of frameworks that enable rapid algorithm transitions as quantum threats evolve and new standards emerge

    + Develop quantum threat intelligence notifications that monitor advances in quantum computing and adjust security postures proactively

    + Establish understanding of hybrid classical-quantum cryptographic systems during transition periods to maintain security while preparing for post-quantum era

    Process Innovation & Optimization

    + Identify and eliminate inefficiencies in current secrets and certificate management processes through root cause analysis and quantum threat impact assessment

    + Develop metrics to measure program success, improvements in security posture, organizational maturity, and readiness levels for quantum technology

    + Design automated compliance reporting and audit preparation processes that include credential hardening compliance requirements

    + Develop repeatable methodologies for certificate lifecycle management that incorporate quantum-safe practices and can scale across global operations

    + Establish governance frameworks for certificate and credential policy enforcement with quantum threat considerations coordinated

    Technology Platform Management

    + Maintain deep expertise in common enterprise tooling while preparing for potential platform transitions

    + Evaluate and recommend new secrets management platforms based on strategic requirements

    + Design migration strategies that prioritize urgency of need, so our security posture does not become lax

    + Develop vendor-agnostic and dual implementation approaches that protect against technology and vendor lock-in

    + Enhance integration methodologies to improve existing infrastructure investments

    Required Qualifications

    Education & Certifications

    + Bachelor's degree in Cybersecurity, Computer Science, Systems Engineering, or related field (equivalent experience accepted)

    + Advanced certifications required: CISSP, CISM, or CCSP with focus on identity and access management or equivalent

    + Credential management or consulting certifications strongly preferred (e.g. CyberArk Guardian, etc.)

    + Certificate management training preferred: Feisty Duck Practical TLS and PKI or similar

    Experience

    + 8+ years of enterprise security experience with focus on identity, access management, or certificate/PKI systems

    + 5+ years of program or project leadership experience driving organizational transformation

    + 3+ years of hands-on experience with certificate management platforms, PKI infrastructure, and secrets management

    + Demonstrated experience as a change agent or transformation consultant in security domains

    + Proven track record of challenging status quo and driving process improvements in large organizations

    Technical Skills

    + Expert proficiency in secrets management, credential hardening, privileged access principles, and quantum-safe credential protection mechanisms

    + Advanced knowledge of PKI, certificate lifecycles, automated rotation technologies, and post-quantum cryptography standards (NIST PQC, hybrid certificates)

    + Strong experience with secrets/certificates management platforms, including quantum readiness assessment capabilities

    + Demonstrated ability to engineer tool-agnostic solutions, manage technology transitions, and implement crypto agile frameworks

    + Experience with SaaS secrets and certificate management, DevOps integration, infrastructure automation, and quantum-safe practices

    + Advanced knowledge of quantum computing impacts on cryptography, secrets and certificate management strategies, and post-quantum transition planning

    Leadership & Consulting Skills

    + Outstanding influence and persuasion abilities with track record of inspiring change without direct authority

    + Critical thinking and problem-solving skills to identify key points for organizational transformation

    + Strong consulting and advisory skills with experience challenging existing practices and driving improvements

    + Excellent communication abilities with capability to present complex technical concepts to executive audiences

    + Proven mentorship and training capabilities with track record of developing technical teams

    + Cultural change leadership with experience overcoming organizational resistance to security improvements

    Specialized Proficiencies

    + Comprehensive understanding of secrets management and specific mitigation strategies for enterprise environments

    + Experience with regulatory compliance requirements (SOX, PCI DSS, HIPAA) related to certificate and credential management, including emerging quantum-safe compliance standards

    + Expertise in threat modeling and risk assessment methodologies for credential security with quantum threat scenarios and impact analysis

    + Proficiency with DevSecOps practices, automated security integration, and quantum-safe CI/CD pipeline security

    + Deep understanding of zero trust architecture principles, implementation strategies, and quantum-resilient zero trust frameworks

    + Knowledge of post-quantum cryptography algorithms (lattice-based, hash-based, multivariate, isogeny-based) and their practical implementation challenges

     

    What We Offer

     

    Join our world-class organization and lead groundbreaking change in enterprise security. Drive meaningful impact across our global operations while developing brand new solutions for tomorrow's security challenges. We offer competitive compensation, comprehensive benefits, executive development opportunities, and the chance to craft the future of certificate and credential security. Apply today at: http://jobs.thermofisher.com

     

    Thermo Fisher Scientific Inc. is an equal opportunity employer offering reasonable accommodations for applicants with disabilities. We value diversity and inclusion in our workforce. #StartYourStory with us.

     

    Compensation and Benefits

     

    The salary range estimated for this position based in Maryland is $113,500.00–$170,200.00.

     

    This position may also be eligible to receive a variable annual bonus based on company, team, and/or individual performance results in accordance with company policy. We offer a comprehensive Total Rewards package that our U.S. colleagues and their families can count on, which includes:

     

    + A choice of national medical and dental plans, and a national vision plan, including health incentive programs

    + Employee assistance and family support programs, including commuter benefits and tuition reimbursement

    + At least 120 hours paid time off (PTO), 10 paid holidays annually, paid parental leave (3 weeks for bonding and 8 weeks for caregiver leave), accident and life insurance, and short- and long-term disability in accordance with company policy

    + Retirement and savings programs, such as our competitive 401(k) U.S. retirement savings plan

    + Employees’ Stock Purchase Plan (ESPP) offers eligible colleagues the opportunity to purchase company stock at a discount

     

    For more information on our benefits, please visit: https://jobs.thermofisher.com/global/en/total-rewards

     

    Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.