Manager – PKI & ESSO – ALSTOM – Bengaluru, Karnataka

The Railway industry today is characterized by both a strong and sustained growth across the world. The trends that drive this are well known: environmental challenges, population growth, urbanization and increasing demands for mobility. With 6B€ of Sales and over 30,000 employees based in nearly 60 countries, Alstom develop & market the most complete range of systems, equipment and services offered today in the railway sector. Today we offer our customers solutions that feature a seamless blend of diverse technologies, ensuring optimal interfaces, along with flexible implementation and real synergy in innovation


Alstom develops & markets the most complete range of systems, equipment and services offered today in the railway sector. Today we offer our customers solutions that feature a seamless blend of diverse technologies, ensuring optimal interfaces, along with flexible implementation and real synergy in innovation. India is one of the most promising transport markets in Asia Pacific region. As per the latest UNIFE forecast, the accessible market in India alone is estimated at close to 4B€ over the 2016-2018 period, with a growth rate of 6.6%. Alstom, with its strong footprint in India, is well positioned to address both the urban as well as mainline railway markets. Alstom’s manufacturing footprint in India – SriCity in Andhra Pradesh, Coimbatore in Tamil Nadu and the upcoming facility at Madhepura in Bihar. This is coupled with an Engineering Centre of Excellence in Bangalore that works on projects for not only India, but the world. Alstom in India is executing metro projects in several Indian cities including Chennai, Kochi and Lucknow. In the mainline space, Alstom is executing a section of the World Bank funded Eastern Dedicated Freight Corridor. The new Electric Locomotives that will be built at the upcoming Madhepura factory will be the most advanced in the Indian Railways fleet.

General Requirement:

  • Solid command of PKI concepts with a demonstrable understanding of x509 certificate fields and extensions and when and why to use each one.
  • Understanding of PKI Policy, Life Cycle management and Auditing of PKI Infrastructure.
  • Strong conceptual knowledge of Cryptography, PKI architecture and its components
  • Expertise in Public Key, Private Key, Digital Certificates concepts, Encryption technologies
  • Certificate Life Cycle Management
  • Understanding of X.509, RSA and general certificate management processes
  • Experience operating as a local registration authority.
  • Experience in managing digital certificates, cryptographic keys, key stores, trust stores, and other cryptographic services.
  • Must have experience with PKI and providing certificates in UNIX or Windows environments.
  • Providing technical guidance on digital certificates, cryptographic keys, and other cryptographic services.
  • Knowledge and experience developing a Certificate Policy (CP) and Certification Practice Statement (CPS).
  • PKI tools such as OpenSSL and Keytool.
  • Ability to use OpenSSL or other utilities to create and analyse certificates, CRLs, and OCSP responses.
  • Experience integrating digital certificates with applications and services.
  • As an Engineer, you will be responsible for administrating and maintaining internal and external PKI systems.
  • Experience with Smart Cards, Middleware, HSMs and the Smart Card Logon process.
  • SSL Enablement of Websites and Web Applications.
  • Managing the services with an understanding of the infrastructure (hardware, software (CA, HSM), design/architecture, data centres, networks, ports, and load balancers), and how all the components interact together.
  • Configure, implement, support, resolve complex issues, govern and enhance CA/PKI, HSM, and the Certificate Services.
  • Dealing with vendors to resolve technical issues.
  • To provide support for on call escalations and doing incident & problem management.
  • Independently resolve tickets & ensure that the agreed SLA of ticket volume and time are met for the team.
  • Good to have knowledge and experience with Microsoft Active Directory, PowerShell and/or other scripting tools.
  • Excellent understanding of Single Sign-on (SSO).
  • Excellent understanding of two-factor authentication.
  • Ability to create and manage a fiscal year plan/budget.
  • Experience with network scanning utilities: eg. Qualys, etc.
  • Provide support for integrating Certificate management product with various mobile device management platforms to provide authentication certificates to the devices.
  • Experience supporting mobile device operating systems: Android, IOS, and Microsoft etc.
  • Trouble shoot product issues in organization environment and provide resolution
  • Analyse client reported technical issues and refer to technical team if the issue is a product level.
  • Maintain inventory of customers SSL/TLS, code-signing and S/MIME/client certificates.
  • LDAP Know-How (Access to 389 DS …)
  • Open Trust Smartcard Management Infrastructure.
  • Private Key Infrastructure Know-How (CA, RA, SCEP, OCSP, Public-key cryptography , SSL…)
  • Good understanding of client security toolset ( Symantec and McAfee Antivirus, HIPS, Firewall, DLP, encryption)

Open Trust PKI:

  • Installing and configuring Open Trust PKI
  • Overview of product architecture and Open Trust PKI components (CA, RA, CMS, Logs).
  • Hands on experience using Open Trust PKI-RA (RA, EE, Access Control, Configuration).
  • Configuring Certificate Categories, Certificate Management Profiles and Email Templates.
  • Hands on experience using Open Trust PKI-CMS (Card Management, Server Management, Access Control, Configuration and Audit logs).
  • Configuring Card Management Profiles for Smart card, USB tokens, etc.
  • Administering and troubleshooting Open Trust CMS Client.
  • Using Open Trust PKI as a certificate requester or certificate holder.
  • Managing Open Trust PKI and the lifecycles of certificates
  • Log Analysis to identify the cause of the issue and work with the vendor to provide the solution.
  • Testing the application upgrades, UAT and pushing upgrades to user machines.

Single Sign-On

  • Experience with Evidian Enterprise Single Sign-On Service.
  • Experience administrating the Enterprise SSO using the User Access Admin Console and Enterprise SSO Studio.
  • Password Management, Application configuration (Windows, Web, SAP, etc.).
  • Defining Applications and Technical Definition Objects.
  • Testing SSO configuration of an application.
  • Experience using Standard Plugins, Microsoft IE Plugins, SAP R/3 Plugins, etc. for application detection.
  • Using Advance configuration using Custom Scripts for the applications detection.
  • Troubleshooting user issues.

At Alstom we offer you the opportunity to unleash your potential and reinvent yourself. As a future employee, you will have a unique opportunity to drive our organization forward, while continuing to build your career and contribute to the expanding growth of the global railway industry. More information about Alstom can be found at:

Job Segment: ERP, Bank, Banking, Manager, SAP, Technology, Finance, Management

Other jobs you may like

Automation Manager
CIEL HR ServicesBengaluru, Karnataka
1 day ago

Apply securely with Indeed Resume

Head of Social
NESTAWAYBengaluru, Karnataka
1 day ago

Apply securely with Indeed Resume

1,918 reviews

Alstom is all about speed and power. Alstom’s Power segment is a world leader, providing boilers, turbines, air quality systems, generators,…