Entity:

Technology

Job Family Group:

IT&S Group

Job Description:

Job Summary

We are seeking a skilled and detail-oriented PKI Engineer to build, implement, and maintain Public Key Infrastructure (PKI) systems across internal and external environments. The ideal candidate will have hands-on experience with Microsoft ADCS, certificate lifecycle management (Venafi), and integration with external PKI providers. This role is critical to ensuring secure authentication, encryption, and digital signing across enterprise systems.

Key Responsibilities

• Build, deploy, and handle Internal CA hierarchy (Root CA, Subordinate CA) using Microsoft ADCS.

• Integrate and handle External PKI services (e.g., DigiCert) for public-facing applications and services.

• Implement and maintain certificate lifecycle management using platforms like Venafi

• Ensure compliance with security policies, certificate guidelines, and industry standards (e.g., NIST).

• Handle CRL and OCSP configurations, including load balancing and high availability.

• Monitor and fix PKI-related issues including certificate enrollment, revocation, and authentication failures.

• Collaborate with security, infrastructure, and application teams to support secure communications and identity assurance.

• Maintain documentation for PKI architecture, processes, and operational procedures.

• Support code signing, document signing, and device authentication use cases.

• Evaluate and implement post-quantum cryptography readiness strategies.

Required Skills & Qualifications

• Bachelor's degree in computer science, Information Security, or related field.

• Demonstrated ability in PKI engineering or related security infrastructure roles.

• Proven understanding of Microsoft ADCS, including offline Root CA and online Subordinate CA setup.

• Experience with HSMs (Hardware Security Modules) for key protection.

• Familiarity with external PKI providers and certificate issuance processes.

• Understanding of X.509 certificate standards, TLS/SSL

• Experience with certificate automation tools (e.g., Venafi, ACME clients).

• Knowledge of Active Directory, LDAP, and Kerberos authentication.

• Awareness of quantum-safe cryptography and emerging PKI trends.

• Strong analytical and problem-solving skills.

• Excellent communication and documentation abilities.

Preferred Certifications

• Microsoft Certified: Cybersecurity Architect / Identity and Access Administrator

• Certified Information Systems Security Professional (CISSP)

• Certified PKI Professional (CPKI)

• Venafi or Keyfactor platform certifications (if applicable)

About bp

Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas in the nations where we operate. We are one of the few companies globally that can provide governments and customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.

Even though the job is advertised as full time, please contact the hiring manager or the recruiter as flexible working arrangements may be considered.

Travel Requirement

Up to 10% travel should be expected with this role

Relocation Assistance:

This role is eligible for relocation within country

Remote Type:

This position is a hybrid of office/remote working

Skills:

Cloud Platforms, Cloud Platforms, Collaboration, Communication, Configuration management and release, Continuous deployment and release, Creating a high performing team, Database Design, Digital Project Management, Documentation and knowledge sharing, Emerging technology monitoring, Facilitation, Information Security, Mentoring, Metrics definition and instrumentation, NoSql data modelling, Problem Solving, Relational Data Modelling, Risk Management, Scripting, Secure development, Service operations and resiliency, Software Design and Development, Solution Architecture, Source control and code management {+ 5 more}

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.