As a leader in the identification and authentication industry, and thanks to its various card production and personalisation facilities, the People ID division of Zetes has issued more than 40 million cards over the past 15 years, amongst which the Belgian eID, passport and driving license.
Zetes TSP is part of Zetes People ID, the division of the Zetes Group specialised in the identification and authentication of people, including the production and personalisation of highly secure documents. Zetes TSP is an operational business unit which provides certificate services and trust services for governments, the financial sector and private organisations. Zetes qualifies as a Trust Services Provider as defined under the eIDAS regulation.
To support its future development, Zetes is looking for a
Zetes is in the process of setting up a new business activity. You will be the leader of the specialist team that is responsible for a new ICT infrastructure for the mission critical cloud services for this new venture.
At first the team will create a new ICT environment as well as incorporate the existing core infrastructure already in place today. You will be involved in all aspects of creating and extending the existing server rooms, deployment of generic ICT and special cryptographic equipment.
This team is based at two locations in the periphery of Brussels (1130 Brussels but mainly at 1601 Ruisbroek), both are located close to the Brussels ring way and to the train stations (resp. at 2 minutes and 10 minutes’ walk to the office).
- You define and implement the key management policy and certificate management policy for all PKI components
- You are organize and execute activities like:
- Key ceremonies
- Configuration and initialisation of new PKI components or systems
- Audits, remediation and follow-up of recommendations
- Update and improve existing procedures
- You co-author and/or review policy documents (certification practice statements, certificate policies, timestamp policies, etc.)
- PKI ADMINISTRATION TASKS
- Day to day administration of the PKI infrastructure including CA and VA, HSM, backup media, timestamping infrastructure, etc.
- Perform exceptional tasks such as manual Certificate Enrolment, Certificate Revocation, etc.
- Define and describe the CA hierarchy, PKI architecture, configurations, etc.
- Define and describe the lifecycles for all managed objects such as certificates, keys, CRLs, etc.
- Provide support of certificate services projects and operation support
- Prepare and document configuration scripts
- Install, configure and maintain the operational environment
- Configuration of the PKI application software
- Maintain a test environment and test all critical procedures on this test environment
- SYSTEM MAINTENANCE and DOCUMENTATION
- Troubleshooting and problem solving
- Maintain the integrity and security of servers and systems
- Maintain system documentation
- Define and (for specific purposes) implement or assist with the implementation of monitoring tools, specifically related to monitoring performance and availability for SLA for public services (CRL publication, web site, OCSP responder, certificate & revocation request handling, etc.)
- INTEGRATION & DEPLOYMENT
- Define and describe the interfaces and protocols for integration of the core PKI components with external systems for card personalisation , card management and certificate management
- Create customized tools / software / scripts for highly specialised PKI-specific tasks
- Coordinate the installation and maintenance of the PKI systems
- Manage operation of Electronic Key Management System, other information security duties, and Public Key Infrastructure (PKI)
- Able to generate Key pairs and submit certificate request
- Ensures operation of equipment by completing preventive maintenance requirements and tests; following manufacturer's instructions; troubleshooting malfunctions; calling for repairs; maintaining equipment inventories; evaluating new equipment and techniques.
- Monitoring of PKI related Key Performance Indicators, analysis and reporting of incidents, follow technology trends
- Make recommendations to purchase hardware and software, coordinates installation and provides backup recovery
- Define and/or review the profiles for cards and HSMs for client applications (e.g. smartcards for digital signature, HSM for server side signing)
Requirements and Skills
- Bachelor degree or master degree
- Several years' experience with PKI
- Experience in in Security Management is a plus
- General understanding of ICT environments
- Good analytical skills
- You can handle complex information and are able to describe ICT environments, write functional descriptions, procedures, reports, etc.
- You have attention to detail
- Experience with a combination of the following:
- Public Key Infrastructure (Internal and Internet)
- X.509 Digital Certificate Management
- Hardware Security Modules (Thales, Utimaco, Gemalto, Safenet or other)
- Key Management
- Cryptography Algorithms
- Telecommunication protocols such as TLS/SSL
- Nice to Have:
- Experience with scripting languages, i.e. Shell Script, Python, Perl, Powershell, Bash...
- Sysadmin experience with Linux or Windows
- Our internal working language is English
- For contacts with colleagues a good understanding of Dutch and French is beneficial
- Good writing skills in English
- Other European languages are a bonus
- A high level of autonomy
- A full-time job in the ZETES office in 1601 Ruisbroek (Flemish Brabant)
- Continuous learning in the market of peopleID
- Attending relevant seminars and specific training courses
- Work within a dynamic team experienced with large-scale projects
- An attractive remuneration package and fringe benefits in-line with your experience
More information about Zetes
If you are fascinated by this challenging opportunity, please send your application letter and cv to the HR director : firstname.lastname@example.org