Certificate MGMT or Microsoft PKI Engineer

Requisition Number: 2352031
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
Positions in this function design, engineer, and manage the organization's infrastructure and operational platforms. From a cloud services model, this includes services commonly thought of as IaaS and PaaS and their underlying foundational components. Additionally, this function also has responsibility for traditional enterprise infrastructure and operational platforms such as email, file transfer, and collaboration technologies, among others. This role must understand functional and non-functional requirements to ensure they can be achieved through system design and engineering to meet the needs of the customers. Work closely with business and technology stakeholders to develop roadmaps for their respective technology portfolios, resolve cross-system and domain dependencies, ensure effective integration among the services offered to the end customer, and efficient usage of infrastructure and operational platforms. Monitor technological advancements and industry trends to influence company standards and ensure that solutions are continuously improved and maintained through product management practices, including recommendations to invest in a solution or retirement of redundant or out-of-date systems. Understand the interactions between systems, the applications and services hosted, and evaluate the impact of changes and additions. Perform analysis on existing systems to ensure performance and reliability, enhance scalability, meet security requirements, and interoperable and maintainable technology portfolio.
Primary Responsibilities:

• Certificate & PKI Administration
  • Administer and support enterprise PKI infrastructure, including Root and Issuing CAs.
  • Manage certificate issuance, renewal, revocation, and retirement for:
    • Internal server certificates
    • External/public TLS certificates
    • Load balancers, proxies, and gateways
    • Application and service certificates
  • Maintain certificate templates, enrollment policies, and validity standards.
  • Operate and monitor CRL, OCSP, and certificate distribution endpoints.
  • Perform routine PKI health checks, audits, and lifecycle reviews.
• Certificate Lifecycle Operations
  • Proactively monitor certificate expiration across environments and prevent outages.
  • Execute planned certificate rotations with zero or minimal downtime.
  • Respond to certificate-related incidents, including expired, misconfigured, or revoked certificates.
  • Maintain certificate inventory, ownership metadata, and renewal methods.
  • Support external CA interactions for publicly trusted certificates (e.g., domain validation, reissuance).
• Automation & Operational Enablement
  • Leverage existing automation tools and platforms to streamline:
    • Certificate renewals
    • Certificate deployment to servers, load balancers, and platforms
  • Perform light scripting (PowerShell, shell, or Python) for:
    • Operational automation
    • Reporting
    • Certificate discovery
  • Work with automation and platform teams to integrate certificate management into:
    • Infrastructure workflows
    • Load balancer or ingress updates
  • Maintain and execute runbooks for automated and manual certificate processes.
  • Note: This role does not require building complex applications or frameworks. Automation is focused on operational reliability and efficiency, not software development.
• Compute & Platform Integration
  • Install, update, and maintain certificates on:
    • Windows and Linux servers
    • Web servers (IIS, Apache, Nginx)
    • Reverse proxies and load balancers (F5, HAProxy, Citrix, etc.)
  • Support certificate needs for:
    • Virtual machines
    • Container platforms (Kubernetes, OpenShift - operational use)
    • Cloud workloads
  • Coordinate with network and security teams to implement TLS standards and policies.
• Governance, Risk & Compliance
  • Ensure certificates meet enterprise standards for:
    • Key sizes
    • Algorithms
    • Validity periods
    • Naming conventions and SAN rules
  • Support audits and compliance activities (SOX, PCI, ISO, internal security reviews).
  • Maintain documentation for PKI architecture, renewal processes, and operational procedures.
• Analyzes and investigates
• Provides explanations and interpretations within area of expertise
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

• Undergraduate degree or equivalent experience.
• 5+ years in compute, infrastructure, or systems administration
• 3+ years hands on experience managing PKI and certificate services
• 3+ years hands on experience managing certificates and PKI in production environments
• Proven experience supporting infrastructure platforms at scale
• Solid operational experience with:
  • Certificate issuance and renewals
  • Internal and external certificates
  • Enterprise infrastructure environments
  • Technical Skills (Administrator-Level)
• Experience administering Microsoft AD CS and/or enterprise PKI tools.
• Hands on experience deploying certificates to:
  • Windows/Linux servers
  • IIS, Apache, Nginx
  • Load balancers or reverse proxies
• Hands on administration of:
  • Microsoft AD CS or similar PKI platforms
  • Windows and Linux server environments
• Experience managing certificates on:
  • Web servers (IIS, Apache, Nginx)
  • Load balancers or reverse proxies
• Solid understanding of:
  • X.509 certificates
  • TLS / HTTPS
  • Certificate chains and trust models
  • Certificate chaining and trust relationships
• Familiarity with certificate tooling such as:
  • Venafi, Keyfactor, AppViewX, DigiCert, Sectigo (any one or more)
• Working knowledge of:
  • PowerShell and/or basic Python or shell scripting
  • ITSM tools (e.g., ServiceNow)
  • Basic scripting for administrative automation
• Familiarity with enterprise certificate platforms (any of):
  • Venafi
  • Keyfactor
  • AppViewX
  • DigiCert / Sectigo

Preferred Qualifications:

• Experience with cloud certificate services (AWS ACM, Azure Key Vault Certificates).
• Operational experience with Kubernetes certificates (supporting cert manager or ingress certs)
• Experience using ITSM tools (ServiceNow or similar)
• Exposure to Kubernetes certificate administration (cert-manager from an ops perspective).
• Exposure to cloud compute certificate services (AWS ACM, Azure Key Vault Certificates)
• Background supporting regulated or audited environments
• Familiarity with:
  • HSM-backed key storage
  • Code-signing certificates
  • Device or service identity certificates
• Security or infrastructure certifications

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.
Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.