IAM SecOps Engineer - PKI & Encryption

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Organization Overview:

At Lilly, we serve an extraordinary purpose. We make a difference for people around the globe by discovering, developing and delivering medicines that help them live longer, healthier, more active lives. Not only do we deliver breakthrough medications, but you also can count on us to develop creative solutions to support communities through philanthropy and volunteerism.

Ready to put your mark on the world of cybersecurity? We're looking for an IAM SecOps Engineer - PKI & Encryption to bring fresh perspectives and bold solutions to our team. In this role, you'll be instrumental in shaping how our organization designs, operates, and secures public key infrastructure and encryption services across enterprise resources.

What you will be doing:

This IAM SecOps Engineer - PKI & Encryption will serve as a member of the Lilly Cybersecurity Identity and Access Management team, responsible for delivering and securing PKI and encryption technologies that support Lilly's mission. In this role, you will partner with business stakeholders, IT teams, and cybersecurity colleagues to ensure PKI and encryption solutions are designed, deployed securely, and aligned with enterprise security and technology strategies.

You will develop technical specifications, design patterns, standards-as-code, and security guidance for PKI and encryption capabilities and services. As a key contributor, you will identify and optimize critical processes around certificate lifecycle management, key management, cryptographic standards, and continuous improvement of PKI and encryption technologies.

How you will succeed:

• As an IAM SecOps Engineer - PKI & Encryption, you will leverage your technical expertise to evaluate, architect, and implement PKI solutions that meet business and security requirements.
• Design and maintain technical integrations of PKI and encryption services, including certificate authority (CA) hierarchy design, certificate issuance and renewal workflows, key management, and hardware security module (HSM) operations to meet business requirements.
• Ensure operational excellence for all PKI and encryption services, including monitoring, troubleshooting, and continuous optimization of certificate lifecycle management and cryptographic policy enforcement.
• Understand the evolving threat landscape and translate PKI and encryption-related risks into actionable business and technical impacts, implementing appropriate cryptographic controls and remediation strategies.
• As a strong communicator with excellent interpersonal skills, you will collaborate effectively with cross-functional and remote team members to design and implement PKI and encryption capabilities and solutions.
• Partner with business stakeholders to develop and implement PKI and encryption solutions that strengthen security posture while enabling seamless and secure operations across the enterprise.
• With a high level of curiosity, you'll stay current on PKI platform roadmap updates, emerging cryptographic standards, and evolving compliance requirements.
• Drive adoption of innovative PKI and encryption capabilities to address complex, global certificate management and data protection challenges.
• Collaborate with enterprise architects, application teams, and stakeholders to understand business needs and incorporate feedback into PKI and encryption strategies and implementations.

Basic Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology or related fields.
• 5+ years of demonstrated technical experience designing, implementing, and supporting enterprise PKI solutions such as Microsoft AD CS, Sectigo, DigiCert, Entrust, or comparable CA platforms.
• 5+ years of hands-on experience managing certificate lifecycle processes including issuance, renewal, revocation, and HSM operations across on-premises and cloud environments.

Additional preferences:

• Strong communication and presentation skills with the ability to articulate PKI and cryptographic concepts to diverse audiences including executives, business stakeholders, and technical teams.
• Deep expertise with certificate authority hierarchy design, two-tier and three-tier CA models, root CA operations, and offline CA management best practices.
• Strong understanding of cryptographic standards and protocols including TLS/SSL, RSA, ECC, AES, and emerging post-quantum cryptography (PQC) standards from NIST.
• Experience with certificate lifecycle management platforms such as Venafi Trust Protection Platform, DigiCert CertCentral, AppView, or comparable CA platforms.
• Proven experience designing and implementing enterprise-scale PKI architecture for cloud, hybrid, and on-premises environments including integration with Azure and AWS certificate services.
• Ability to translate business and compliance requirements into effective cryptographic policies, certificate profiles, and key management standards that balance security, usability, and supportability.
• Demonstrated collaboration with technical counterparts, audit and compliance teams, and business stakeholders to deliver and enhance PKI and encryption solutions.
• Self-motivated with proven accountability for delivering solutions within defined timelines and budgets.
• Ability to work effectively with distributed and virtual teams across multiple time zones.
• Experience developing automation solutions using PowerShell, Python, REST APIs, or other scripting languages to automate certificate lifecycle operations and PKI platform integrations.
• Familiarity with secrets management platforms such as HashiCorp Vault or Azure Key Vault and their integration with enterprise PKI.
• Experience supporting PKI and encryption requirements in regulated industries, including SOX, HIPAA, GxP, or FedRAMP compliance frameworks.
• Relevant certifications such as CISSP, CISM, or equivalent.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

#WeAreLillyUKandIreland