Product Engineer, Certificate Life Cycle Management

Job Description
Are You Ready to Make It Happen at Mondelēz International?
Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours.
You work with the information security team as a competent and experienced information security and compliance specialist.
How you will contribute
You will assess information security risks in line with internal policy and external best practices, and support security of information and IT assets by testing security systems and applying security standards, policies, and procedures. Under the guidance of global information security lead, you will implement cyber security technology and provide day-to-day business support. If relevant to your role, you will manage third-party providers to ensure that any internal or third-party adhere to standards. You will also provide information security training to appropriate teams.
What you will bring
A desire to drive your future and accelerate your career. You will bring experience and knowledge in:

• Information security, compliance and risk management
• Security solutions and their applicability to Mondelēz International
• Security strategies, awareness campaigns, policies/standards and governance
• Communicating effectively with technical specialists, leaders and peers
• Analytical and problem-solving abilities
• Being a team player by supporting and leading to achieve common goals

About this Job
Mondelez International is hiring IAM Product Engineer, Certificate Life Cycle Management.
Role Overview
We are seeking IAM Product Engineer, Certificate Life Cycle Management to design, implement, and operate enterprise Public Key Infrastructure (PKI) and Certificate Lifecycle Management (CLM) capabilities supporting global digital certificate, encryption, and machine identity security requirements.
This role will be responsible for the architecture, engineering, and automation of PKI and certificate lifecycle management platforms, including enterprise certificate authorities, integrations with public certificate authorities, and certificate lifecycle management tools such as Venafi. The position will focus on strengthening certificate governance, automation, and operational reliability across enterprise infrastructure, applications, APIs, and cloud platforms.
This position works closely with IAM, cybersecurity, infrastructure, cloud, DevOps, and application teams to ensure secure certificate-based authentication, encryption services, and machine identity management across enterprise systems.
Job Responsibilities

• Design, implement, and maintain enterprise Public Key Infrastructure (PKI) environments including root and subordinate certificate authorities using platforms such as Microsoft Active Directory Certificate Services (AD CS).
• Define and maintain PKI trust hierarchies, certificate issuance policies, certificate templates, and cryptographic key management standards supporting enterprise authentication, encryption, and digital trust requirements.
• Configure and manage PKI infrastructure components including CRL distribution points, OCSP responders, certificate validation services, and certificate trust chains.
• Engineer and enhance certificate lifecycle management (CLM) platforms such as Venafi, focusing on improving automation, governance, and operational reliability of certificate services.
• Develop and implement automation workflows and policy-driven processes within Venafi to enable secure and scalable certificate lifecycle operations across enterprise environments.
• Enable self-service certificate provisioning and lifecycle management for application owners and infrastructure teams, allowing secure certificate request, issuance, renewal, and deployment through automated and policy-controlled workflows.
• Integrate CLM platforms with enterprise systems, infrastructure platforms, and DevOps pipelines to automate certificate provisioning, renewal, and rotation across applications and services.
• Proactively manage the certificate lifecycle across the enterprise, ensuring certificates are renewed and rotated before expiration to prevent outages and service disruptions.
• Experience building self-service certificate provisioning workflows using Venafi or other CLM platforms
• Establish enterprise controls and monitoring to eliminate certificate-related service outages and reduce risks associated with unmanaged or expired certificates.
• Maintain centralized visibility and inventory of certificates, keys, and machine identities, ensuring proper ownership tracking and lifecycle governance across enterprise environments.
• Manage integrations with public certificate authorities such as DigiCert to support lifecycle management of externally trusted SSL/TLS certificates.
• Implement automation using PowerShell, APIs, and scripting frameworks to streamline certificate lifecycle operations and reduce manual processes.
• Manage cryptographic key protection using Hardware Security Modules (HSMs) such as Thales to ensure secure key generation, storage, and lifecycle management.
• Monitor PKI infrastructure and certificate environments to identify certificate expiration risks, trust chain issues, or unauthorized certificate issuance events.
• Maintain PKI governance documentation including Certificate Policies (CP), Certification Practice Statements (CPS), architecture documentation, and operational runbooks.
• Collaborate with IAM, cybersecurity, infrastructure, DevOps, and application teams to strengthen machine identity governance, certificate lifecycle automation, and secure certificate-based authentication across enterprise systems.

Qualifications
Education & Experience

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field.
• 8-12+ years of experience in PKI engineering, certificate lifecycle management, or cryptographic infrastructure within large enterprise environments.
• Proven experience designing and operating enterprise PKI environments and certificate lifecycle management platforms.

Technical Expertise
Strong hands-on experience with:

• Public Key Infrastructure (PKI) architecture and certificate trust models.
• Microsoft Active Directory Certificate Services (AD CS).
• Certificate Lifecycle Management (CLM) platforms such as Venafi.
• Public Certificate Authorities (CAs) such as DigiCert.
• CRL and OCSP configuration and certificate validation infrastructure.
• Cryptographic standards and certificate-based authentication mechanisms.

Platform & Integration Experience
Experience working with:

• Hardware Security Modules (HSMs) for secure key management
• Cloud platforms including Microsoft Azure and AWS for certificate integration.
• Certificate deployment across enterprise infrastructure including web servers, application servers, load balancers, and API platforms.
• Automation using PowerShell, REST APIs, or scripting frameworks.
• DevOps integration for certificate automation within application deployment pipelines.

No Relocation support available
Business Unit Summary
At Mondelēz International, our purpose is to empower people to snack right by offering the right snack, for the right moment, made the right way. That means delivering a broad range of delicious, high-quality snacks that nourish life's moments, made with sustainable ingredients and packaging that consumers can feel good about.
We have a rich portfolio of strong brands globally and locally including many household names such as Oreo, belVita and LU biscuits; Cadbury Dairy Milk, Milka and Toblerone chocolate; Sour Patch Kids candy and Trident gum. We are proud to hold the top position globally in biscuits, chocolate and candy and the second top position in gum.
Our 80,000 makers and bakers are located in more than 80 countries and we sell our products in over 150 countries around the world. Our people are energized for growth and critical to us living our purpose and values. We are a diverse community that can make things happen-and happen fast.
Mondelēz International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Job Type
Regular
Information Security
Technology & Digital