
Certificate Management Automation & Platform Lead
Job Description
Company:
MarshDescription:
The Certificate Management Automation & Platform Lead is responsible for defining and executing Marsh’s certificate automation strategy, delivering scalable platforms and integration patterns that minimize manual certificate handling and operational risk. The role drives adoption of automated issuance and renewal using ACME and API-based workflows, embeds certificate controls into CI/CD and Infrastructure-as-Code pipelines, and ensures enterprise standards are consistently enforced through automation guardrails. The lead will explore AI capabilities that can be applied to further streamline certificate management processes and procedures. It covers all certificate types used in Marsh.
Working closely with Security, Platform, Infrastructure and Application teams, the lead integrates and optimizes the Vaults and ecosystems (including CA connectivity, policy enforcement, and lifecycle monitoring), enabling self-service consumption, improved visibility and reporting, and reliable rotation across cloud, on-premises and application environments. The lead partners with technology teams during incidents to consult on and design long-term automation solutions to root causes.
Certificate Management Automation & Platform Lead
We will count on you to:
Own the enterprise certificate management automation strategy and roadmap, reducing manual certificate handling and operational risk.
Design and deliver automated issuance, renewal, and lifecycle workflows using ACME and API-based patterns across diverse technology stacks.
Engineer CI/CD and Infrastructure-as-Code integration patterns, including pipeline templates, reusable modules, and golden paths that enforce certificate standards by default.
Operate and continuously improve certificate platforms, including CA connectivity, policy enforcement, onboarding, observability, runbooks, and resilience planning.
Partner with Security, Platform, Infrastructure, Application, and vendor teams to drive durable automation, reliability improvements, and continuous innovation, including AI-enabled opportunities.
What you need to have:
7–10+ years of experience in technology with increasing senior-level responsibility.
Demonstrated experience building and operating enterprise certificate management automation platforms, ideally with HashiCorp Vault or an equivalent platform.
Strong knowledge of ACME, certificate APIs, automated issuance and renewal patterns, and integration approaches for varied application and platform environments.
Hands-on experience with automation and integration engineering, such as Python, Go, PowerShell, REST APIs, OAuth2/OIDC, and mTLS.
Strong stakeholder management and communication skills, with the ability to work effectively in a federated, cross-functional environment.
What makes you stand out:
Experience embedding certificate controls into CI/CD and developer workflows through reusable modules, golden paths, and self-service onboarding.
Proven ability to implement policy-as-code guardrails for naming, SANs, key sizes, validity periods, approvals, and segregation of duties.
Working knowledge of observability, reliability, and operational management for automation platforms, including dashboards, alerting, SLOs, HA/DR, patching, and auditability.
Familiarity with key management and secure key storage integrations, including HSMs, cloud KMS, and secrets management.
Experience driving large-scale certificate transitions, reissuance events, or automation improvements using AI to improve efficiency and operating model maturity.
Why join our team:
We help you be your best through professional development opportunities, interesting work and supportive leaders.
We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities.
Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being.