Oferty pracy

PKI Expert


The following are the tasks and To Dos based on taking over the Master Registrator role of the T-Systems Shared Business CA (SBCA) and the T-Systems Telesec ServerPass CA (extract from the service description):

  • For the administration of the PKI client (master domain), the customer (e.g., company, authority, institution) names a responsible person to whom a master registrar certificate is issued, and who is thus to perform the master registrar function.
  • The following functions are available to the master registrar on the website:
  • Create, search and edit areas of responsibility (sub-domains),
  • Issue, search and revoke sub-registrar certificates; optional: role assignment of sub-registrar certificates (derivatives) for the CMP interface.
  • Search and edit subscriber certificates,
  • Initiate and download certificate revocation lists (CRL),
  • View and download CA and root CA certificates,
  • Manage the client by posting notices, posting client documents, and changing login information,
  • Viewing information such as notices and downloading DT Security documents,
  • Renewing the master registrar certificate,
  • generating statistics within the master domain.
  • The Customer shall make every effort, using technical and human resources, to ensure that the TeleSec Shared-Business-CA PKI service can be successfully integrated into the Customer's environment and operated on a permanent basis.
  • Full support of the registration authority in incident, problem and change management as well as in security incidents of any kind in connection with the TeleSec Shared-Business-CA.
  • Implementation of directives from the certification authority (TeleSec Shared-Business-CA).
  • Prompt and comprehensive implementation of changes to the Certificate Policy (CP) and Certification Practice Statement (CPS) or of measures resulting from changes in the requirements of relevant requirement sources.
  • Full support for audits of the TeleSec Shared-Business-CA by the registration authority or external auditors as part of the certification of the TeleSec Shared-Business-CA.
  • Procurement, installation, configuration and operation of the registrar PC(s) (PC workstation(s)) of the registration authority(ies) required for certificate management (issuing, renewing, revoking) within the PKI client(s).
  • Procurement, installation, configuration and operation of all hardware and software components, such as Internet access, telephone, storage media, anti-virus software, access protection, software updates, required to enable registrar PC handling and certificate management.
  • Registration process of all end-participants and registrars (except master registrar) leading to issuance, renewal and revocation of any certificates.
  • Validation and configuration of bulk data (organizational data and Internet domains) by the sub-CA.
  • Certificate management (issuance, renewal and revocation) including key backup, recovery of any type of certificate.
  • Rollout/deployment: Certificate distribution of soft PSE and/or smartcards with corresponding PIN letter, insofar as the standard processes (user website, mail, SCEP, CMP) do not map this, to the certificate applicants or certificate holders or other technical components (e.g., customer-specific LDAP directory service, Active Directory).
  • Shipping and distribution of smartcard readers and/or smartcards to certificate applicants or certificate holders.
  • Scripting of software of any kind (e.g. drivers, middleware).
  • Automatic and/or manual software distribution and software installation (e.g. CA certificates, soft PSE, drivers, middleware (CSP, PKCS#11 module)).
  • Development, testing, integration and maintenance of a customer-specific CMP client that interacts with the CMP server interface of the TeleSec shared business CA (see current CMP specification).
  • Development or deployment, maintenance and configuration of application software (e.g. mail or VPN software, network logon) of any kind that supports X.509v3 certificates.


  • Create and issue certificates for the departments
  • Knowledge in the area of certificates (keystores, cryptoboxes) and their use under Linux/Unix/Windows Server
  • Mature experience in handling/using keystores/certificate standards (PKCS 8/10/12...)
  • "Caretaker and connector" between different units (Research and Development, T-Systems, Application Operations,...)
  • familiar with the work in the ticket system, SNOW.


What we offer:

  • Interesting projects
  • Private medical care
  • MyBenefit platform (included the MultiSport Programme)
  • Possible group life insurance
  • Co-financing for kindergarten or nursery
  • Workation
  • Internal and external trainings, certifications and participation in conferences
  • Foreign language courses
  • Healthy Office Snacks (fruits)
  • Great atmosphere and a chance to work with inspiring people


If you would be interested in learning the details about the project I am mentioning here and taking part in the recruitment process - then I encourage you to send a CV containing the clause:

„I agree to the processing by Sopra Steria Polska Sp. z o.o. my personal data contained in my CV for the recruitment process and further recruitment processes.”

Dodaj kolejny