Job Description:

You will work with

You will join a highly skilled Enterprise Technology team passionate about building and safeguarding the identity and certificate management platforms that form the backbone of our digital trust strategy. This is a collaborative environment where engineers, architects, and product owners work side by side to deliver secure, resilient, and innovative solutions at scale.

You will partner with a broad set of collaborators, including Identity & Access Management, Information Security, DevOps, Cloud Platform, Application Development, and Compliance teams, as well as senior business leaders who rely on these critical services. Close collaboration with cloud service providers (AWS, Azure, GCP) and vendor partners will also be a key part of the role.

What makes this team outstanding is its culture of trust, innovation, and continuous learning. We embrace automation, modern engineering practices, and forward-looking cryptographic strategies to stay ahead of evolving threats. You'll be part of a team that values technical perfection, visibility, and knowledge sharing-where every engineer has a voice in shaping the future of enterprise security.

Let me tell you about the role

Join us to improve our digital trust as our Staff Enterprise Technology Engineer for Certificate and Identity Management. You'll build and evolve the critical foundation on which our entire digital ecosystem depends-the cornerstone authentication platform that enables all other services to operate securely. Blending deep security expertise with strategic vision, you'll transform our identity infrastructure from traditional PKI to quantum-resistant solutions while ensuring enterprise-wide resilience. You will also play a key role in evolving how we lead, automate, and secure our directory infrastructure, including Active Directory (AD), Entra ID (AAD), and related identity platforms.

As a key member of this team, you will be a guardian of this operationally critical platform, you'll engineer a dynamic platform that continuously evolves while supporting innovation across all business functions. Working with senior leadership, you'll drive automation initiatives and establish security frameworks that safeguard our critical applications. Build the future of machine identity in the quantum age, knowing that your work forms the crucial bedrock of trust for everything we build.

What you will deliver

• Ensure Secure & Reliable PKI Operations - Maintain and improve our internal Certificate Authorities (CAs), ensuring high availability, security, and compliance.
• Automate Certificate Management - Implement self-service workflows for certificate issuance, renewal, and revocation using Terraform, Ansible, and CI/CD pipelines.
• Enable Zero Trust & IAM Security - Integrate certificate-based authentication across VPNs, smart cards, SPIFFE/ SPIRE, and workload identities.
• Optimize TLS & mTLS Implementations - Secure web servers, service mesh environments (Istio, Linkerd), and machine-to-machine communications.
• Enhance Security & Compliance - Align PKI operations with NIST, ISO 27001, SOC 2, GDPR, and PCI-DSS frameworks.
• Drive Future-Proofing Initiatives - Plan for post-quantum cryptography, hybrid certificates, and sophisticated identity security trends.
• Solid understanding of Active Directory (AD) & Entra ID (AAD), including domain management, directory synchronization, and identity security.
• Understanding modern IAM architecture, including Zero Trust, workload identity, and federated authentication.

Experience & Qualifications

• Bachelor's degree in Technology, Engineering, Computer Science, or a related field.
• Demonstrable experience in enterprise technology, security, and operations within large-scale, global environments.
• Strong collaborator management and communication skills, with the ability to engage and influence senior business leaders.
• Shown experience implementing CI/CD pipelines, DevOps methodologies, and Infrastructure-as-Code practices.
• Deep understanding of ITIL, Agile delivery, and enterprise IT governance frameworks.
• A passion for emerging technology trends, innovation, and security procedures.

Technical Skills

• Public Key Infrastructure (PKI) Expertise: Solid understanding of X.509, TLS/SSL, OCSP, CRL, ADCS, and Entra ID Certificate Management.
• Identity & Access Management (IAM) & Zero Trust: Experience with workload identity, certificate-based authentication, and frameworks such as SPIFFE/SPIRE.
• Automation & Infrastructure as Code (IaC): Proficiency with tools such as Terraform, Ansible, CloudFormation, and Kubernetes.
• Multi-Cloud Security: Hands-on experience with AWS Certificate Manager (ACM), Azure Key Vault, and other cloud-native identity/security services.
• Solving & Diagnostics: Expertise in resolving certificate and cryptographic issues, including TLS handshake errors and certificate transparency log analysis.

Skills that set you apart

• Problem-Solving & Innovation - You proactively find solutions, address issues, and improve security processes.
• Automation & Scalability you accept Infrastructure-as-Code and self-service automation for efficient PKI management.
• Security first approach - You ensure security is embedded at every stage, aligning with Zero Trust principles.

About bp

Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas in the nations where we operate. We are one of the few companies globally that can provide governments and customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Travel Requirement
Up to 10% travel should be expected with this role

Relocation Assistance:
This role is eligible for relocation within country

Remote Type:
This position is a hybrid of office/remote working

Skills:
Agility core practices, Agility core practices, Analytics, API and platform design, Business Analysis, Cloud Platforms, Coaching, Communication, Configuration management and release, Continuous deployment and release, Data Structures and Algorithms (Inactive), Digital Project Management, Documentation and knowledge sharing, Facilitation, Information Security, iOS and Android development, Mentoring, Metrics definition and instrumentation, NoSql data modelling, Relational Data Modelling, Risk Management, Scripting, Service operations and resiliency, Software Design and Development, Source control and code management {+ 4 more}

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp's recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.