Job Description

This is where you save and sustain lives

At Baxter, we are deeply connected by our mission. No matter your role at Baxter, your work makes a positive impact on people around the world. You\'ll feel a sense of purpose throughout the organization, as we know our work improves outcomes for millions of patients.

Baxter\'s products and therapies are found in almost every hospital worldwide, in clinics and in the home. For over 85 years, we have pioneered significant medical innovations that transform healthcare.

Together, we create a place where we are happy, successful and inspire each other. This is where you can do your best work.

Join us at the intersection of saving and sustaining lives\xe2\x80\x94where your purpose accelerates our mission.

About Us

Nothing changes if nothing changes, which is why Baxter is transforming our global IT function\xe2\x80\x94into one that will strengthen partnerships and enable smarter, more efficient and connected business processes. In the dynamic healthcare industry, we need to be ready to face new challenges and opportunities. As we learn, we must be agile and innovative to reveal new ways of working. Technology and our digital capability will help create a more efficient and innovative ecosystem to enable our employees, customers and products to drive better outcomes for patients worldwide.

We are at the critical intersection where robust IT infrastructure and networking support meets the physicians, nurses and care givers who save and sustain lives. Together, we can build upon Baxter\xe2\x80\x99s rich heritage to advance the next generation of transformative healthcare innovations. Together, we can change how IT meets healthcare. Together, we are Baxter.

This is where technology fuels purpose-driven work. Where your purpose accelerates our mission.

Title: Sr Spec, IT \xe2\x80\x93 Product Certificate Management Engineer

Location: Bangalore

Your Role

The SR. Spec IT \xe2\x80\x93 Certificate Management Engineer will work on Installation, Logging configuration and third-party integration, Notification configuration, External Identity Integration (LDAP/Active Directory), Enterprise network discovery scan, Certificate Authority - Certificate Import, Trust Authority policy enforcement of corporate security standards, Enrollment/Revocation integration to Certificate Authorities, Automate the installation of certificates on supported applications, Approvals and scripting into automated workflows, Certificate Revocation Checking, Certificate Revocation List (CRL) Verification, Certificate Whitelisting, End-User Portal Setup, Applying product updates, Automating provisioning certificates to devices, Permissions, Custom fields.

What you\xe2\x80\x99ll be doing

• Work closely with technology and business stakeholders to implement Enterprise PKI/KCM solution and lead any migration and upgrade goals for such solutions
• Design and implement solutions to meet business objectives, IT strategic initiatives, corporate and regulatory requirements.
• Establish and execute an enterprise-wide PKI, Encryption at rest and in transit, and Cryptography governance process
• Collaborate with Information Security and Enterprise Architecture to adequately plan, communicate and deploy enterprise configurations as new cryptographic standards are adopted.
• Communicate effectively with clients to identify needs and evaluate alternative technical solutions and strategies.
• Protect and secure company resources in the cloud, virtual and physical infrastructures.
• Stay current with developing technologies, emerging threat landscape and predict impact of changing technologies.
• Monitoring and administrating digital certificates and SSL/TLS certificate tracing/revocation
• Certificate Template Definition & Creation
• In-depth knowledge of MPKI services including implementation in Certificate Management.
• Health check of all the CLM services
• Expert on cryptography concepts \xe2\x80\x93 symmetric and Asymmetric
• Knowledge on CRL, OSCP, NDES, SCEP, Openssl.
• Knowledge of Encryption, Hashing algorithms.
• Knowledge of PKI, PKCS standards and data security standards
• Good knowledge on Cryptography and key management concepts. (e.g., the specification, creation, generation, distribution, implementation, renewal, revocation, recovery and deletion of cryptographic keys and certificates).
• Knowledge of Microsoft security services like Azure key vault, Azure cloud HSM, Azure Information protection, BYOK.
• Awareness of PCI-DSS, PCI PIN and Information security standards such as NIST
• Ensure effective execution of key IT controls and remediation of incident response, vulnerability analysis and threat intelligence.
• Provide technical guidance, develop design documents, perform product installation, upgrades and certification, implementation plan, deployment and troubleshooting support.
• Diagnose, solve and provide root cause analysis for PKI and encryption related issues.
• Ensure consistent delivery of superior technical solutions.

What you\xe2\x80\x99ll bring

• Bachelor\xe2\x80\x99s degree in Information Technology, Engineering, Computer Science, related field or equivalent experience.
• At least 10+ years of relevant experience in IT Security.
• 5+ years of experience planning, designing and implementing of PKI infrastructure, including integration with core infrastructure components (servers, desktops and other devices) to automate the management of the certificate lifecycle (issuance, notification of expiration/revocation, replacement with restart of impacted services) and SSH keys in a large organization.
• Experience with scripting tools to automate routine tasks.
• Possess good working knowledge of PKI, SSL/TLS, multi-factor authentication, X.509 token, single sign-on, federated identity, SSH and certificate management solutions.
• Knowledge of security issues, techniques and implications across computing platforms.
• Knowledge of Ping, SMARTCARD and Multifactor authentication.
• Knowledge of information security standards (e.g., ISO, NIST).
• Experience with scripting languages \xe2\x80\x93 Python, shell scripting, JavaScript, Perl, SQL.
• Exposure to varied operating systems \xe2\x80\x93 UNIX/Linux, Windows.
• Experience designing cloud-based solutions in AWS, Azure, GCP
• Experience with operational server and client use of PKI for Network Authentication, TLS (cipher suite) configuration across multiple systems/clients (Windows, Linux), enrollment and installation and troubleshooting experience.
• Experience with AppViewX, EJBCA, AWS KMS, ADCS a plus.
• Experience with use of PKI for systems and processes supporting web presence (Web PKI), including Apache, Weblogic, and other front-end servers and processes.
• General understanding of key IT components \xe2\x80\x93 Secure LDAP, Networking, firewall, load balancing, Federated Identity.
• Operational, technical or product management experience in PKI for Identity & Access Management (IAM).
• Experience producing product artifacts, including use cases, product requirements, user journeys, high-level wire frames, roadmaps, product overviews
• Ability to provide program and project leadership across multiple teams to illustrate strategy is reducing risk and meets the needs of our customers. Partner with other product leads, architects, and engineers to reduce risk
• Experience with planning, leading and executing organizational change effectively and consistently to achieve desired business objectives
• Strong influence and negotiating skills, and the ability to overcome barriers and resistance to execute against strategic plans
• Ability to resolve conflict with a proven ability to facilitate and/or make complex decisions based on experience, analysis and judgment.

Certifications below are preferred and not limited to the following:

Industry certification:

CISSP/ CIAM / CISM / CISA / CRISC

Vendor Solutions and product specific certifications:

Digicert TLS/SSL Associate/Professional level

EEO (Equal Employment Opportunity)

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please send an e-mail to Americas_TTA@baxter.com and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our .

Baxter