Sr. Security Engineer - Cryptography and Access Management

Toronto - Queen's Quay - Headquarters

The Kraft Heinz Company

The Kraft Heinz Company provides high quality, great taste and nutrition for all eating occasions whether at home, in restaurants or on the go.

View company page

Job Description

The Information Security team is committed to delivering innovative cybersecurity solutions and services to the enterprise. Our global team is growing!!

We are looking for a Sr. Security Engineer to join us, with a focus on supporting our needs and capabilities across Private Key Infrastructure (PKI) and Privileged Access Management (PAM). 

This role will lead all aspects of administration, operations and continuous advancement of Kraft Heinz enterprise cryptographic and access management capabilities. You will work closely with the PKI and PAM program owners, IT and Business Partners, and other organizational partners to deliver on required program capabilities, program compliance requirements and program maturity targets.  


Key responsibilities: 

  • Perform day to day monitoring, management and maintenance of organization's PKI and PAM platforms, ensuring maximum platform capability, performance and health. 

  • Maintain standards, playbooks and communications for management and maintenance of program capabilities and processes 

  • Maintain technical documentation around architecture, configuration, management maintenance of core platforms, supporting tooling and other applicable technologies. 

  • Lead, supervise and continuously optimize delivery and user experience of certificate lifecycle management processes, including request, approval, issuance, validation and revocation, to ensure continuous alignment with requirements and compliance with standards and processes. 

  • Support the design, build and deployment of enterprise PKI systems and ensure PKI systems align with and enforce industry leading practices and NIST standards. 

  • Manage, supervise and continuously optimize delivery and user experience of privileged account lifecycle management processes, including provisioning, vaulting, rotation, changes, deprovisioning, and access reviews. 

  • Lead cyclical and ad-hoc training and awareness programs around PKI and PAM capabilities and practices. 

  • Collaborate with multi-functional teams to ensure flawless execution of security processes. 

  • Design, plan and implement the integration of platforms with other security systems and applications. 

  • Implement applicable policies, procedures, and standards to internal teams and collaborators. 

  • Successfully communicate with internal engineering and operations teams to design, plan, implement, validate and memorialize changes to platform configuration, integrations and processes.  

  • Partner with internal and external teams and product vendors to lead resolution of issues with certificates and certificate lifecycle, privileged access and access lifecycle, platform, platform integrations, and other issues as they arise. 

  • Monitor, measure and communicate key program capabilities and metrics 

  • Provide support for program audits to ensure alignment of practices to processes, and compliance of processes to requirements 

  • Continuously evaluate and improve the capability of platforms to stay ahead of emerging threats. 

  • Evaluate new tools, technologies and techniques to enhance the efficacy and efficiency of programs and capabilities. 

  • Stay updated with, and communicate to program owners and key partners,  changes and advancements to industry trends, standards, and regulatory requirements  

Qualifications for this role include: 

  • Advanced experience in cybersecurity, with at least three years of hands-on experience and expertise with encryption and identity and access management 

  • Strong level of understanding of Enterprise PKI platforms and processes, including certificate enrollment protocols, automation, lifecycle, troubleshooting and resolution. 

  • Strong level understanding of Enterprise PAM platforms and processes, including provisioning, vaulting, granular rights management, de-provisioning and verification processes, injection and secure access.  

  • Strong level of understanding of enterprise directory services and group policies. 

  • Strong level of understanding of authentication flows and mechanisms, including strong multi-factor authentication.  

  • Experience with scripting in Python, shell and powershell.  

  • Familiarity with security frameworks and standards (e.g., NIST CSF, ISO 27001). 

  • Strong analytical and problem-solving skills. 

  • Excellent communication and interpersonal skills. 


Toronto - Queen's Quay - Headquarters

Kraft Heinz is an Equal Opportunity Employer – Underrepresented Ethnic Minority Groups/Women/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity and other protected classes. In order to ensure reasonable accommodation for protected individuals, applicants that require accommodation in the job application process may contact for assistance.

Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Audits Automation Compliance Cryptography Encryption IAM ISO 27001 Monitoring NIST PKI PowerShell Python Scripting

Region: North America
Country: Canada
Job stats:  5  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.