Senior PKI Platform Administrator

Welcome to Gordon Food Service! We are excited that you are thinking about opportunities with us, and we have an amazing story to share. See below for a quick glance of who we are and the impact you could have on the food service industry. There's a seat at our table for you...

Position Summary:

The Senior PKI Platform Administrator is the enterprise owner and technical architect of the company's internal and external digital trust infrastructure. Utilizing our centralized, cloud-based Certificate Lifecycle Management (CLM) and Public Key Infrastructure as a Service (PKIaaS) ecosystem, this role is responsible for engineering the "last mile" integrations, automation pathways, and governance models that allow teams to safely self-service their cryptographic needs.

This role focuses on platform health, vendor service management, automation enablement (via APIs and localized Orchestration Agents), and translating organizational security policies into effective guardrails. This position ensures the elimination of certificate-related downtime while maintaining a rigorous security posture across multi-cloud and on-premises environments.

What you will do:

• Centralized CLM & PKIaaS Platform Ownership:

• Act as the primary administrator, subject matter expert, and product owner for the enterprise Certificate Lifecycle Management (CLM) portal and integrated Public Certificate Authority (CA) infrastructure.

• Manage user access control, tenant health, role-based permissions (RBAC), and certificate templates within the centralized management platform.

• Oversee Public Domain Control Validation (DCV) processes with external CAs to ensure seamless, automated issuance of public-facing certificates.

• Monitor platform consumption metrics, API health, and certificate credit pools to optimize licensing and enterprise spend.

• Provide strategic leadership in the development and execution of certificate lifecycle management.

• Collaborate with senior stakeholders to align PKI initiatives with organizational goals and objectives.

• Stay updated with emerging PKI related trends, threats, and technologies to provide expert guidance and recommendations.

• Integration Engineering & DevOps Enablement :

• Deploy, configure, and maintain localized platform orchestration tools and agents across enterprise networks to facilitate automated certificate lifecycle actions.

• Partner with Application, DevOps, and Infrastructure teams to provide secure API endpoints, SDKs, and documentation for integrating certificate issuance into CI/CD pipelines (e.g., automated build tools, configuration management scripts).

• Standardize and publish automated enrollment mechanisms (such as ACME protocols, enrollment gateways, or MDM integrations) for cloud workloads, containers, and enterprise endpoints.

• Act as a consultative architectural resource for internal teams designing custom or legacy system integrations with the central PKI platform.

• Governance, Compliance & Risk Mitigation:

• Partner with the Risk/GRC team to translate corporate security policies into automated technical controls and templates within the CLM platform.

• Conduct regular certificate discovery scans to identify, inventory, and remediate "rogue" or non-compliant certificates across the enterprise footprint.

• Coordinate and execute emergency certificate revocation workflows and incident response protocols in the event of a private key compromise.

• Maintain audit readiness by generating compliance reports, reviewing access logs, and proving adherence to industry frameworks (e.g., SOC2, PCI-DSS).

• Continuous Improvement & Operational Support:

• Troubleshoot tier-3 platform-specific issues, including orchestration agent disconnects, API failures, or CA synchronization errors.

• Provide reference blueprints, documentation, and "self-service" training materials to empower application owners to manage their own local certificate installations and troubleshooting.

• Other duties and responsibilities as assigned.

When you will work:

• Monday to Friday, 8am to 5pm

• Hybrid schedule, 4 days in office in Wyoming, MI with 1 day remote

What you'll bring to the table:

• Bachelor's Degree in Computer Science, Information Systems or a related field required

• Professional certifications such as CISSP, CISM, GIAC or CCSP required.

• Five to eight years of related experience or an equivalent combination of education, training and experience required.

• Extensive knowledge of Cryptographic Principles: Strong foundational understanding of Public Key Infrastructure (PKI), technologies, and best practices.

• Certificate Lifecycle Management (CLM): Hands-on experience using modern, enterprise-grade CLM platforms and managing public/private Certificate Authority integrations.

• Infrastructure & Networking: Solid understanding of network protocols (TLS/SSL, HTTPS, DNS, TCP/IP) and how certificates are utilized by enterprise infrastructure components like load balancers, web servers, and firewalls.

• Excellent leadership and communication skills, with the ability to effectively communicate complex technical concepts to stakeholders at all levels.

• Must have good customer service and time management skills.

• Ability to develop solutions to a variety of complex problems, and reference established precedents and policies.

• Automation & Scripting: Proficiency in at least one scripting language (e.g., PowerShell, Python, or Bash) to interact with REST APIs and automate configuration tasks.

• DevOps Integration: Experience with CI/CD tools, infrastructure-as-code (IaC) pipelines, or configuration management tools as they relate to deploying secrets or machine identities.

• Identity & Access Management: Familiarity with Enterprise Directory Services, Cloud Identity Providers, or localized Secrets Management tools.