Cybersecurity Consultant

Own PKI/CLM solution delivery: lead the assessment, design and implementation of PKI and CLM capabilities, from current-state review to target architecture and operational model.

Certificate inventory & governance: build/maintain a complete certificate inventory (where they live, what they protect, owners, expiry, criticality), define ownership and stewardship, and establish governance processes and policy standards.

Automation & integration: implement certificate lifecycle automation (request/approval, issuance, deployment, renewal/rotation, revocation), integrating CLM/PKI with enterprise platforms (load balancers, web/app servers, container platforms, API gateways, CI/CD pipelines, CMDB/ITSM, IAM).

Being You

Diversity is a whole lot more than what we look like or where we come from, it's how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we're not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you - and everyone next to you - the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That's the Kyndryl Way.

Profiles with strong expertise in PKI and cryptography, with proven knowledge in Certificate Lifecycle Management (CLM) and PKI architecture/operations (issuance policies, key protection, CRL/OCSP, governance and auditability). Comfortable leading certificate inventory and ownership models, driving renewal/rotation automation, and integrating CLM/PKI capabilities with enterprise platforms and applications to reduce expiry-related incidents and strengthen security and compliance in hybrid and cloud environments.

Nice to have: experience in data discovery and classification, encryption strategy, tokenization/FPE, DLP and DSPM, aligning data protection controls with regulatory requirements and data governance practices.

Who You Are

Profiles with strong expertise in PKI and cryptography, with proven knowledge in Certificate Lifecycle Management (CLM) and PKI architecture/operations (issuance policies, key protection, CRL/OCSP, governance and auditability). Comfortable leading certificate inventory and ownership models, driving renewal/rotation automation, and integrating CLM/PKI capabilities with enterprise platforms and applications to reduce expiry-related incidents and strengthen security and compliance in hybrid and cloud environments.

Nice to have: experience in data discovery and classification, encryption strategy, tokenization/FPE, DLP and DSPM, aligning data protection controls with regulatory requirements and data governance practices.

EDUCATION AND CERTIFICATIONS Bachelor's or Master's degree in Computer Engineering, Cybersecurity, or Telecommunications.

EXPERIENCE 3+ year in cybersecurity services

LANGUAGES Spanish and English (B2 level or higher)

SKILLS AND KNOWLEDGE

PKI / CLM Expertise (must-have): strong knowledge of PKI concepts and operations (Root/Sub CA design, certificate profiles/templates, issuance policies, CRL/AIA, OCSP, key ceremony basics, separation of duties), plus end-to-end Certificate Lifecycle Management (discovery, inventory, ownership, renewal/rotation, revocation, retirement).

Cryptography fundamentals applied to enterprise: practical understanding of symmetric/asymmetric crypto, hashing/signing, TLS/mTLS, key protection and lifecycle (generation, storage, rotation, compromise handling), and how these choices impact security, availability and compliance.

Hybrid & cloud delivery: experience working across on-prem and cloud environments, integrating certificate services with infrastructure (load balancers, web servers, API gateways), identity components, and application pipelines.

Automation mindset: ability to design and implement automation for certificate issuance and renewals (e.g., API-driven workflows, integrations with CMDB/ITSM, and protocols such as ACME/SCEP/EST when applicable).

Troubleshooting & incident handling: strong skills diagnosing certificate/TLS issues (expiry, trust chain, name mismatch, handshake failures), managing revocations/compromises, and executing remediation at pace with minimal service impact.

(Nice to have) Data protection controls: exposure to data discovery/classification, DLP, DSPM, encryption strategy, and tokenization/FPE-especially where they intersect with key management and certificate governance.

We have the world’s best talent that design, run, and manage the most advanced and reliable technology infrastructure each day. Together, we think holistically about the health of these vital technology ecosystems.

We will be a focused, independent company that builds on our foundation of excellence by creating systems in new ways. Bringing in the right partners, investing in our business, and working side-by-side with our customers to unlock potential. We're raising the bar.