IT Risk and Security Engineer

DTCC is seeking an IT Risk and Security Engineer specializing in Digital Certificates Management. This role is crucial for defining, implementing, and operating enterprise-wide governance for non-human identities, including applications, workloads, services, APIs, cloud resources, and devices. You will own the strategy, policy, and lifecycle management of digital certificates, cryptographic keys, and related machine credentials across hybrid, multi-cloud, and on-premises environments.

Key Responsibilities:

• Assist with the end-to-end certificate lifecycle: request, issuance, renewal, rotation, revocation, and decommissioning.
• Support the execution of machine identity governance policies and standards for non-human identities.
• Maintain and update inventories of machine identities, including certificates, keys, and service credentials.
• Identify orphaned, expired, or misconfigured machine identities.
• Monitor adherence to governance controls and escalate exceptions or risks.
• Support audits, risk assessments, and compliance activities related to machine identities.
• Document machine identity processes, standards, and operational procedures.
• Coordinate with IAM, cloud, and application teams to ensure governance requirements are met.
• Define and enforce certificate policies (validity periods, cryptographic algorithms, key sizes, usage constraints).
• Maintain accurate certificate inventory records (ownership, purpose, expiration dates).
• Identify and report at-risk certificates (expired, expiring soon, weak crypto, unknown owners).
• Assist with certificate issuance requests and validation.
• Support certificate automation efforts by validating coverage and reporting gaps.

Required Skills and Qualifications:

• Foundational understanding of digital certificates (X.509), TLS/SSL concepts, and machine-to-machine authentication.
• Experience with ticketing systems, inventories, or monitoring tools.
• Strong attention to detail and ability to manage recurring operational tasks.
• Ability to follow documented processes and escalate issues appropriately.
• Understanding of IT risks and business implications.
• Strong potential for growth and acceptance of additional responsibilities.
• Ability to prioritize and execute tasks efficiently.
• Team-oriented and collaborative work style.
• Fluent in written and spoken English.
• Demonstrated ability to write report segments and participate in presentations.
• Balance of analytical problem-solving, interpersonal, communication, attention to detail, and technical acumen.

Education and Experience:

• 2-5 years of experience in IT security, IAM, infrastructure, PKI, or TLS certificates.
• Bachelor's degree in Cybersecurity or related field, or equivalent experience.
• Information security or audit certifications (e.g., CISSP, CISM, CISA) are a plus.

This is a permanent position offering competitive compensation, comprehensive benefits, and a flexible hybrid work model (3 days onsite, 2 days remote).