Access Control Solution Architect/PKI

Category: Cyber Security Consulting
City: Ottawa, Ontario, Canada
Position ID: J0520-0197
Employment Type: Full Time

Position Description

Security Clearance: Secret

CGI is seeking ONE (1) Access Control Solution Architect with in-depth knowledge and experience with defining and delivery of Access Control solutions based on PKI infrastructure and RSA SecurID platform. The Resources will be working with the Identity and Access Management Portfolio to define and assess the feasibility of the specific solutions, validate and refine the design or integration patterns, implement & fine tune selected configuration on premise, and support ongoing service delivery / day to day operations when required.

Your future duties and responsibilities

• Acting as an expert in Public Key Infrastructure (PKI) & Key Management System Architecture, capabilities and security controls.

• Generate or enhance Architecture and Design artifacts such as a solution architecture document and technical requirements design document for each of the individual IAM components, diagrams, and technical presentations

• Lead the enhancement of existing RSA SecurID platform by extending integrating of critical on-premise applications and services in line with information security standards and industry best practices.

• Provide technical guidance for effective implementation of Cryptographic and Application Integration Protocols (e.g., SAML, XML, Web Services, XACML, SSL, etc.)

• Act as solution integrator and technical lead for implementing MS CA, RSA SecurID, HSM or other Access Control solutions

• Ensure continuous improvement within the IAM security services by introducing and implementing emerging security technologies and practices.

• Provide leadership and guidance throughout the project lifecycle, including evaluating business requirements and security technologies, planning technology deployment, mentoring security engineering teams, and soliciting feedback from security operations teams and other internal customers

• Participate in the planning and execution of testing related to production deployment validation, performance, failover and vulnerabilities remediation, and disaster recovery

• Represent the IAM Portfolio team in project meetings as the SME for PKI and RSA SecurID

• Resolve complex IAM and cross functional technical issues in a timely manner

• Create and maintain project and operational how-to documentation

Required qualifications to be successful in this role


• 3-5 years of experience in a full-time technical role designing, managing, maintaining and troubleshooting a network access control solutions in complex enterprise environment;

• A minimum of two (2) years of administrator or integrator experience MS CA and/or RSA SecurID access control solutions

• Expert level experience in MS Certificate Management Services and Active Directory Domain Services.

• Expert level experience in SSL certificate management concepts, processes, and solution management.

• Proven experience with PKI implementation and certificate lifecycle management solution.

• Expert level experience with hardware security module (HSM) technology. Direct experience with Safenet HSM (Gemalto) platforms is highly desirable.

• Expert level experience designing and implementation 2FA and MFA controls for on-premise applications and services based on RSA SecurID platform

Other Requirements

• Individuals are expected to have a strong background across all of the following information security domains, with hands-on enterprise expertise in, at minimum, two:

o Public key infrastructure

o Strong authentication / multi-factor authentication technologies

o Cryptographic services

o Data Protection

• English essential, French will be considered an asset

The following would be considered assets:

• Certifications may include: CISSP, CISM, MS MC: Azure Security Engineer. AZ-500 (preferred)

• Experience working in Agile and DevOps environments

What you can expect from us

Build your career with us.

It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.

At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.

Be part of building one of the largest independent technology and business services firms in the world.

Learn more about CGI at

No unsolicited agency referrals please.

CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.