Thermo Fisher Scientific

Work Schedule

First Shift (Days)

Environmental Conditions

Office

Job Description

IT Security Engineer III - Credential Hardening & Certificate Management

Frederick, MD · Full-time

About the Role

This position is with Thermo Fisher Scientific, an inclusive employer and a member of myGwork -- the largest global platform for the LGBTQ+ business community.

Work Schedule: Standard (Mon-Fri)

Environmental Conditions: Office environment

Location/Division: Frederick, MD / Corporate IT

At Thermo Fisher Scientific, you'll drive transformational change in our certificate management and credential hardening practices across our global organization of 100,000+ colleagues. This position requires a strategic change agent who can challenge existing paradigms, identify leverage points, and engineer solutions that break us free from legacy "that's the way we do things" mindsets.

Position Overview

As a Credential Hardening & Certificate Management Engineer, you will serve as the primary SME and program leader for enterprise-wide secrets hardening and certificate lifecycle management initiatives. Operating with high independence, you'll function as an internal transformation consultant, developing strategic leverage points to enforce best practices and drive cultural change around credential security. This role complements PAM initiatives and requires someone who can engineer tool-agnostic solutions in an evolving technology landscape.

Key Responsibilities

Strategic Program Leadership

• Lead credential hardening transformation initiatives across the organization, identifying and eliminating legacy practices that compromise security posture
• Drive initiatives with the enterprise certificate lifecycle management program, establishing strategy, roadmaps, and success metrics aligned with quantum computing threats and industry trends
• Serve as primary SME for secrets management best practices, certificate lifecycle automation and credential security frameworks
• Develop strategic leverage points to drive organizational change and overcome resistance to security improvements
• Engineer tool-agnostic flows that can adapt to changing technology landscapes and vendor transitions

Transformation & Program Management

• Function as an internal turnaround consultant for credential security practices, identifying systemic issues and designing comprehensive remediation strategies
• Challenge existing paradigms and "that's the way we do things" mentalities through data-driven analysis and strategic influence
• Develop and execute strategies to drive adoption of best practices across diverse business units
• Execute and deliver on credential hardening and certificate management investments
• Design and implement cultural transformation initiatives that embed security-first thinking into operational processes

Engineering & Automation

• Implement automated certificate rotation systems to address shrinking certificate lifecycles driven by quantum computing threats, including migration to quantum-resistant algorithms
• Engineer scalable certificate management efforts that integrate with existing infrastructure while maintaining vendor agnostic flexibility and with preference on agility for post-quantum transitions
• Develop comprehensive secrets management frameworks that enforce least privilege, rotation, and audit requirements to strengthen credential workflows
• Create advanced monitoring and alerting systems for certificate expiration, rotation failures, compliance deviations, and quantum readiness assessments
• Design integration strategies between certificate management, PAM initiatives, and broader security infrastructure with quantum threat in mind

Cross-Functional Leadership & Influence

• Lead cross-functional efforts in implementing credential and certificate security improvements by seeing the work and helping the organization achieve clarity on where it is to head
• Represent certificate management initiatives in enterprise engineering, security governance, and compliance committees
• Collaborate with PAM teams to ensure complementary and multi-layered security strategies
• Drive consensus among stakeholders with competing priorities and establish unified approaches to credential security
• Mentor and train technical teams on credential management best practices and emerging threats

Secrets Threat Mitigation & Risk Management

• Develop and execute quantum readiness assessments for existing certificate and credential infrastructure, identifying vulnerable cryptographic implementations
• Design post-quantum cryptography transition roadmaps with timeline-driven migration strategies and risk-based prioritization
• Implement and drive understanding of frameworks that enable rapid algorithm transitions as quantum threats evolve and new standards emerge
• Create quantum threat intelligence notifications that monitor advances in quantum computing and adjust security postures proactively
• Establish understanding of hybrid classical-quantum cryptographic systems during transition periods to maintain security while preparing for post-quantum era

Process Innovation & Optimization

• Identify and eliminate inefficiencies in current secrets and certificate management processes through root cause analysis and quantum threat impact assessment
• Develop KPIs and metrics to measure program success, security posture improvements, organizational maturity, and quantum readiness levels
• Design automated compliance reporting and audit preparation processes that include credential hardening compliance requirements
• Create repeatable methodologies for certificate lifecycle management that incorporate quantum-safe practices and can scale across global operations
• Establish governance frameworks for certificate and credential policy enforcement with quantum threat considerations integrated

Technology Platform Management

• Maintain deep expertise in common enterprise tooling while preparing for potential platform transitions
• Evaluate and recommend new secrets management platforms based on strategic requirements
• Design migration strategies that prioritize urgency of need, so our security posture does not become lax
• Develop vendor-agnostic and dual implementation approaches that protect against technology and vendor lock-in
• Create integration methodologies that maximize existing infrastructure investments

Required Qualifications

Education & Certifications

• Bachelor's degree in Cybersecurity, Computer Science, Systems Engineering, or related field (equivalent experience accepted)
• Advanced certifications required: CISSP, CISM, or CCSP with focus on identity and access management or equivalent
• Credential management or consulting certifications strongly preferred (e.g. CyberArk Guardian, etc.)
• Certificate management training preferred: Feisty Duck Practical TLS and PKI or similar

Experience

• 8+ years of enterprise security experience with focus on identity, access management, or certificate/PKI systems
• 5+ years of program or project leadership experience driving organizational transformation
• 3+ years of hands-on experience with certificate management platforms, PKI infrastructure, and secrets management
• Demonstrated experience as a change agent or transformation consultant in security domains
• Proven track record of challenging status quo and driving process improvements in large organizations

Technical Skills

• Expert proficiency in secrets management, credential hardening, privileged access principles, and quantum-safe credential protection mechanisms
• Advanced knowledge of PKI, certificate lifecycles, automated rotation technologies, and post-quantum cryptography standards (NIST PQC, hybrid certificates)
• Strong experience with secrets/certificates management platforms, including quantum readiness assessment capabilities
• Demonstrated ability to engineer tool-agnostic solutions, manage technology transitions, and implement crypto agile frameworks
• Experience with SaaS secrets and certificate management, DevOps integration, infrastructure automation, and quantum-safe practices
• Advanced knowledge of quantum computing impacts on cryptography, secrets and certificate management strategies, and post-quantum transition planning

Leadership & Consulting Skills

• Exceptional influence and persuasion abilities with track record of driving change without direct authority
• Strategic thinking and problem-solving with ability to identify leverage points for organizational transformation
• Strong consulting and advisory skills with experience challenging existing practices and driving improvements
• Excellent communication abilities with capability to present complex technical concepts to executive audiences
• Proven mentorship and training capabilities with track record of developing technical teams
• Cultural change leadership with experience overcoming organizational resistance to security improvements

Specialized Competencies

• Comprehensive understanding of secrets management and specific mitigation strategies for enterprise environments
• Experience with regulatory compliance requirements (SOX, PCI DSS, HIPAA) related to certificate and credential management, including emerging quantum-safe compliance standards
• Expertise in threat modeling and risk assessment methodologies for credential security with quantum threat scenarios and impact analysis
• Proficiency with DevSecOps practices, automated security integration, and quantum-safe CI/CD pipeline security
• Deep understanding of zero trust architecture principles, implementation strategies, and quantum-resilient zero trust frameworks
• Knowledge of post-quantum cryptography algorithms (lattice-based, hash-based, multivariate, isogeny-based) and their practical implementation challenges

What We Offer

Join our world-class organization and lead transformational change in enterprise security. Drive meaningful impact across our global operations while developing cutting-edge solutions for tomorrow's security challenges. We offer competitive compensation, comprehensive benefits, executive development opportunities, and the chance to shape the future of certificate and credential security.

Apply today at: http://jobs.thermofisher.com

Thermo Fisher Scientific Inc. is an equal opportunity employer offering reasonable accommodations for applicants with disabilities. We value diversity and inclusion in our workforce. #StartYourStory with us.

Compensation and Benefits

The salary range estimated for this position based in Maryland is $113,500.00–$170,200.00.

This position may also be eligible to receive a variable annual bonus based on company, team, and/or individual performance results in accordance with company policy. We offer a comprehensive Total Rewards package that our U.S. colleagues and their families can count on, which includes:

• A choice of national medical and dental plans, and a national vision plan, including health incentive programs
• Employee assistance and family support programs, including commuter benefits and tuition reimbursement
• At least 120 hours paid time off (PTO), 10 paid holidays annually, paid parental leave (3 weeks for bonding and 8 weeks for caregiver leave), accident and life insurance, and short- and long-term disability in accordance with company policy
• Retirement and savings programs, such as our competitive 401(k) U.S. retirement savings plan
• Employees’ Stock Purchase Plan (ESPP) offers eligible colleagues the opportunity to purchase company stock at a discount

For more information on our benefits, please visit: https://jobs.thermofisher.com/global/en/total-rewards

Read Full Description