-
Engineer, PKI
- NBC Universal (Orlando, FL)
-
NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.
Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world.
Comcast NBCUniversal has announced its intent to create a new publicly traded company ('Versant') comprised of most of NBCUniversal's cable television networks, including USA Network, CNBC, MSNBC, Oxygen, E!, SYFY and Golf Channel along with complementary digital assets Fandango, Rotten Tomatoes, GolfNow, GolfPass, and SportsEngine. The well-capitalized company will have significant scale as a pure-play set of assets anchored by leading news, sports and entertainment content. The spin-off is expected to be completed during 2025.
The Public Key Infrastructure (PKI) Engineer will be a key member of the new Versant Cyber organization and is responsible for designing, implementing, and maintaining the cryptographic infrastructure used to secure communications, authenticate identities, and protect data across digital systems. As this work is foundational to enabling secure operations across cloud, hybrid, and on-prem environments, this individual is a leader over the PKI discipline.
RESPONSIBILITIES:
Key areas of focus for the PKI Engineer include certificate lifecycle management through end-to-end automation of issuance, rotation, and revocation, maintenance of secure CA hierarchy and trust chains, and PKI integration with CI/CD pipelines, secrets stores, and signing tools. The successful candidate will be responsible for the following activities:
+ Manage enterprise Certificate Authorities (CAs), including Root and Intermediate CAs (internal and third-party).
+ Maintain Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) services.
+ Oversee the issuance, renewal, and revocation of user, device, service, and application certificates.
+ Implement certificate lifecycle automation to reduce manual errors and expiry risk.
+ Promote, foster, and advocate for an environment of collaboration, diversity, and inclusion.
+ Ensure systems adhere to industry best practices for encryption, signing, and key usage (e.g., RSA, ECC, SHA-2, TLS 1.2/1.3).
+ Stay current with NIST guidelines, WebTrust requirements, and corporate cryptographic policies.
+ Manage private key protection using Hardware Security Modules (HSMs), Trusted Platform Modules (TPMs), or cloud KMS.
+ Ensure secure storage, usage, and backup of cryptographic materials.
+ Investigate and remediate certificate-related outages or compromise scenarios (e.g., mass expiration, misissuance, stolen keys).
+ Collaborate and drive productivity and effective integration with adjacent Versant Cyber functions and specifically the synergies required across the security stack and technology platforms.
+ Minimum 5 years experience in identity and access management (IAM), security engineering, or infrastructure roles, with a strong focus on PKI, cryptography frameworks, or certificate management.
+ Experience with cryptographic algorithms like RSA, ECC, SHA-2, AES, and hybrid post-quantum readiness is a plus.
+ Experience managing PKI platforms such as Microsoft ADCS, Venafi, Keyfactor, DigiCert, AWS Certificate Manager, or HashiCorp Vault.
+ Deep understanding of TLS/SSL, S/MIME, PGP, Code signing, and HTTPS
+ Experience supporting compliance for TLS/HTTPS, code signing, and encryption policies.
+ Strong documentation skills for crypto policies, key ceremonies, and procedures.
+ Ability to partner with teams across security, IT, DevOps, and application delivery.
+ Experience providing direct support and input to business executives and taking a lead role in driving the strategic direction of the organization’s mission.
+ Bachelor’s Degree in an IT related field and/or equivalent work experience.
DESIRED CHARACTERISTICS:
+ Previous experience working in multiple large complex environments and specifically within the Identity and/or Security Engineering components of those organizations.
+ Previous experience working in identity, security engineering, and/or information security functions in the media and advanced technology industries.
+ Master’s Degree in an IT related field.
Additional Requirements:
+ Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-Versant worksite, most commonly an employee’s residence.
This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page (https://www.nbcunicareers.com/benefits) of the Careers website. Salary range: $105,000 - $135,00.
We are accepting applications for this position on an ongoing basis.
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing [email protected].
Although you'll be hired as an NBCU employee, your employment and the responsibilities associated with this job likely will transition to Versant in the future. By joining at this pivotal time, you'll be a part of this exciting company as it takes shape.
For LA County and City Residents Only: NBCUniversal will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.
-
Recent Searches
- Business Analytics Lead SQL (Pennsylvania)
- Receiver Material Control (Texas)
- Full Stack NET Developer (Pennsylvania)
- Chief Infrastructure Automation Engineer (Minnesota)
Recent Jobs
-
Engineer, PKI
- NBC Universal (Orlando, FL)
-
VP, Assistant Controller
- Banc of California (Santa Ana, CA)
-
Senior TEMPEST Lead
- General Dynamics Information Technology (Springfield, VA)