TalentProfile
Back to Jobs
Remote (City) Full-time

M&T Bank is hiring a Manager-Cybersecurity - Digital Certificate Management

About the Role

At M&T Bank, we are looking for a Manager-Cybersecurity - Digital Certificate Management to lead and scale our PKI operations. You will be responsible for managing a team and ensuring the secure, compliant issuance and lifecycle management of digital certificates that underpin our enterprise security.

What You'll Do

  • Functionally lead and manage a team of 10+ experienced professionals in AT&T India.
  • Manage PKI-related operations, mentor team members, and facilitate cross-team collaboration with security, DevOps, and infrastructure groups.
  • Manage certificate lifecycle operations including issuance, renewal, revocation, and cross-certification within complex CA hierarchies.
  • Enforce cryptographic key management policies including key generation, escrow, rotation, and destruction.
  • Monitor certificate status and proactively address expirations to prevent service disruptions.
  • Troubleshoot and resolve certificate-related issues across multiple platforms and applications.
  • Automate certificate management processes using scripting languages and certificate management tools.
  • Maintain accurate documentation of certificate inventories, configurations, and operational procedures.
  • Collaborate closely with developers, security teams, network administrators, and other stakeholders to ensure secure and compliant certificate deployments.
  • Ensure compliance with PKI best practices, industry standards, and regulatory requirements.
  • Establish monitoring and alerting mechanisms for certificate expiration and operational health.
  • Participate in periodic reviews and respond to certificate management-related queries.
  • Stay current with emerging trends, threats, and technologies in digital certificate management.
  • Lead incident response efforts related to certificate compromise or misuse.
  • Produce comprehensive documentation and communicate complex technical concepts clearly to diverse stakeholders.
  • Provide training and support to internal teams on certificate best practices.
  • Collaborate with leadership teams, provide subject matter expertise and insights.
  • Support and guide team members in providing high-quality services and deliverables.
  • Support, guide and mentor team members in technical and functional matters.
  • Be flexible to provide coverage in US morning hours.
  • Be flexible with shifts and supporting on weekends.

What We're Looking For

  • At least 10+ years of experience in performing Digital Certificate Management Operations.
  • Advanced understanding of X.509 certificates, CRLs, OCSP, and complex CA hierarchies (root, intermediate, issuing).
  • Expertise in certificate lifecycle management at scale, cross-certification, and trust model architectures.
  • Strong cryptographic knowledge including symmetric/asymmetric encryption, digital signatures, and hashing algorithms.
  • Proven experience with key management policies covering generation, escrow, rotation, and secure destruction.
  • Demonstrated ability to lead complex PKI operations and guide junior team members.
  • Excellent collaboration skills working with security, DevOps, infrastructure, and application teams.
  • Ability to operationalize secure PKI systems integrated with IAM, SSO, MFA, and compliant with standards such as NIST, FIPS 140-2, and ISO 27001.
  • In-depth knowledge of networking protocols relevant to certificate distribution and validation: SSH, TLS/SSL, HTTPS, S/MIME, IPsec, VPNs, DNS, LDAP, HTTP.
  • Proven experience leveraging automation for certificate lifecycle management using scripting tools like PowerShell and Python.
  • Hands-on experience with OpenSSL, Keytool, Certutil.
  • Familiarity with Microsoft AD CS, KeyFactor, Venafi, HashiCorp Vault, and EJBCA.
  • Experience managing Hardware Security Modules (HSMs) such as Thales and SafeNet.
  • Experience with ACME protocol for automated certificate lifecycle management.
  • Ability to lead and operationalize certificate expiration monitoring and alerting systems to prevent outages.
  • Ability to maintain thorough logging and auditing of all certificate operations for security and compliance purposes.
  • Proven ability to troubleshoot complex certificate-related issues across diverse platforms.
  • Strong documentation skills to support audit readiness and operational transparency.
  • Experience with Python using libraries like cryptography, pyOpenSSL, requests, subprocess for PKI automation and API integration.
  • Experience with PowerShell for Windows PKI environments (e.g., AD CS).
  • Experience with Bash scripting for Linux-based PKI tools and OpenSSL automation.
  • Experience with Java for working with PKI tools such as EJBCA and integrations like HashiCorp Vault.
  • Experience with other automation tools: Ansible, Terraform, and CI/CD systems (GitHub Actions, Jenkins).
  • Experience with RESTful API integrations for DigiCert, HashiCorp Vault, and ACME protocol platforms.
  • Attention to detail and a sense of urgency is crucial.

Nice to Have

  • Bachelor's or master's degree in computer science, mathematics, information systems, engineering, or cybersecurity.
  • Industry certifications such as CEH, CISSP, SANS and/or other relevant certifications.
  • Ability to prioritize individual/group work in a high-stress and time-bound environment.
  • Excellent communication, problem-solving, and analytical skills.
  • Ability to work independently and as part of a team.

Technical Stack

  • Certificate Tools: OpenSSL, Keytool, Certutil, Microsoft AD CS, KeyFactor, Venafi, HashiCorp Vault, EJBCA
  • Hardware Security Modules (HSMs): Thales and SafeNet
  • Scripting & Languages: Python (cryptography, pyOpenSSL, requests, subprocess), PowerShell, Bash scripting, Java
  • Automation & Infrastructure: Ansible, Terraform, CI/CD systems (GitHub Actions, Jenkins)
  • API Integrations: RESTful APIs for DigiCert, HashiCorp Vault, and ACME protocol platforms

Team & Environment

You will lead and manage a team of 10+ experienced cybersecurity professionals in AT&T India.

Work Mode

This position is based locally in Hyderabad or Bengaluru.

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer.

Required Skills
OpenSSLKeytoolMicrosoft AD CSKeyFactorVenafiHashiCorp VaultEJBCAHardware Security Modules (HSMs)PythoncryptographypyOpenSSL
Planning long-term in Thailand?

Full relocation support, start to finish

From visa strategy to housing, banking, and schools for your family — SVBL plans and manages every detail of your move to Thailand so nothing falls through the cracks.

Complete relocation planning
Family visa & school enrollment
Banking & insurance setup
Cultural integration support
Plan your move
One partner for everything
About company
M&T Bank

M&T Bank is a financial institution providing banking services and customer-focused financial solutions.

Visit website
Job Details
Category security
Posted 8 months ago

Similar Jobs

Other opportunities you might be interested in

?

Lead Detection Engineer(remote)

Unknown Company

Remote (Global)
OpenAI

Corporate Security Operations Manager, APAC

OpenAI

Remote (Country)
Bayesian Health, Inc.

Senior SecOps Engineer

Bayesian Health, Inc.

remote-first
Flock Safety

Senior Network Security Engineer

Flock Safety

Remote (Global)
DeleteMe

Solutions Engineer, Cyber Security

DeleteMe

Remote (Country)
Binance

Applied Cryptographer - Cryptographic Tech

Binance

Remote (Global)