Lead Engineer - Digital Certificate Technology Services in East Rochester at Ernst & Young Oman

Ernst & Young Oman is hiring a Lead Engineer for its Digital Certificates Technology Service (DCTS) team to be based in East Rochester, a role that will drive Public Key Infrastructure (PKI) engineering across EY’s global information security organisation. The position — advertised on Talents Vaia — seeks an experienced technical lead to manage certificate lifecycle solutions covering Transport Layer Security (TLS), code signing, user and device authentication and email encryption, and will oversee engineering resources responsible for Microsoft PKI, OCSP, Hardware Security Modules (HSM) and certificate management platforms.

"At EY, we’re all in to shape your future with confidence," the firm says in its job posting, framing the role as part of a broader effort to sustain secure connectivity across EY’s global infrastructure.

The DCTS team is tasked with engineering, development and sustainment of digital certificate‑based security and encryption technologies that service the global firm. The Public Key Infrastructure (PKI) Engineering Lead will act as the primary point of contact for strategy and best practices, and will serve as a bridge between business stakeholders, solution architecture and IT operations to ensure deployed services meet security, functional and operational requirements.

Role responsibilities and technology stack

• Lead design, development and implementation of full certificate lifecycle management solutions aligned to multiple use cases such as TLS, code signing, authentication and email encryption.
• Manage and maintain PKI systems and underlying infrastructure including Microsoft PKI, OCSP, HSMs (SafeNet/nCipher) and vendor platforms such as KeyFactor Command and Venafi Trust Protection Platform.
• Act as product owner for deployed services and manage vendor technologies; develop product roadmaps and support release planning, validation testing and production readiness.
• Support cloud-related PKI management in Azure or AWS and use automation skills such as PowerShell scripting and REST API integration.
• Lead a team: hire, assign responsibilities and coach performance to deliver service stability and continuity.

Qualifications and compensation

• Education: Bachelor’s or master’s degree in information assurance, computer science, information systems or related field.
• Experience: 12+ years in IT, 8+ years in information security and at least 6+ years of hands‑on PKI engineering experience.
• Preferred skills: CyberArk/Venafi certificate management suite experience, code signing, HSM proficiency (SafeNet/nCipher), PowerShell and REST API familiarity.
• Compensation: U.S. base salary range listed at $128,100 to $239,600; New York City Metro, Washington State and California ranges are $153,800 to $272,300. The posting notes these ranges are provided to comply with United States pay transparency laws and that other geographies will follow local salary guidelines.

The listing highlights EY’s total rewards package — medical and dental coverage, pension and 401(k) plans, paid time off options and a hybrid working expectation that client‑facing roles will work in person 40–60% of the time. EY also states it accepts applications on an ongoing basis and offers reasonable accommodation for applicants with disabilities, directing candidates to call 1‑800‑EY‑HE for assistance.

As enterprises continue to prioritise cryptographic hygiene and certificate lifecycle automation, this hire underscores EY’s investment in specialised PKI capabilities to secure its global estate and support evolving authentication and encryption needs.