Job summary

We are seeking a Trust Assurance Specialist to join the Trust Office team at DigiCert. This role is responsible for owning defined compliance and assurance areas, including audit execution, control management, and regulatory alignment.

The successful candidate will have a minimum of 5 years of experience in compliance, risk management, or audit, with the ability to independently manage audit and control activities and engage stakeholders across the organization.

This role reports to the Head of Compliance and works closely with cross-functional teams across Security, IT, Legal, and Operations.

What you will do

Audit & Assurance Support

• Own and manage assigned external (e.g., SOC 2, WebTrust) and customer audits
• Plan audit activities, coordinate stakeholders, and ensure timely delivery of evidence
• Track, manage, and drive remediation of audit findings

Regulatory Compliance

• Ensure ongoing compliance within assigned frameworks (e.g., WebTrust for CAs, SOC 2, ISO 27001, NIST)
• Interpret regulatory requirements and ensure controls align with both regulatory expectations and internal policy frameworks 

Control Management

• Design, document, and evaluate controls to ensure effectiveness and compliance
• Perform and oversee control testing within assigned areas
• Identify control gaps and drive remediation efforts

Risk & Governance Support

• Provide input into risk assessments and support broader risk management activities.
• Assist in maintaining compliance documentation and reporting.

Stakeholder Collaboration

• Partner with internal teams (Security, IT, Legal, HR, Operations) to support compliance initiatives.
• Act as a point of contact for audit-related queries within assigned areas.

Continuous Improvement

• Stay informed on relevant regulatory and industry developments.
• Identify opportunities to improve compliance processes, tools, and reporting.

General

• Support a culture of compliance and security awareness across the organization.
• Perform other related duties as assigned.

What you will have

• Bachelor’s degree in Law, Compliance, Information Security, Computer Science, or a related field
• Minimum 5 years of experience in compliance, risk management, audit, or related roles
• Experience managing audits and working with frameworks such as SOC 2, ISO 27001, WebTrust, or NIST
• Experience in control design, documentation, and testing
• Strong analytical and problem-solving skills
• Excellent communication and stakeholder management skills
• Ability to work independently and manage multiple priorities

Nice to have

• Exposure to PKI, cybersecurity, or cloud environments
• Progress toward or attainment of certifications such as CISA, CISM, CRISC, or CISSP

Benefits

• Provident Fund
• Medical Aid + Gap Cover
• Employee Assistance Program
• Gym Reimbursement
• Life Insurance
• Disability Insurance

#LI-KK1

__PRESENT

__PRESENT

__PRESENT

__PRESENT

__PRESENT

Job summary

As an Application Security Engineer within our cybersecurity team, you will help safeguard the company’s web applications and services by supporting the integration of security practices into the Software Development Life Cycle (SDLC). You will collaborate with development, DevOps, and security teams to identify, assess, and remediate vulnerabilities, contribute to secure coding practices, and assist in implementing DevSecOps tooling and processes. This role is ideal for someone with a strong technical foundation who is eager to grow within the product/application security space.

What you will do

• Support the integration of security controls and best practices across various phases of the SDLC.
• Assist in security assessments, including static and dynamic code analysis, open-source dependency analysis, and limited penetration testing.
• Participate in manual and automated code reviews to identify potential vulnerabilities and coding flaws.
• Collaborate with software engineers to promote secure development practices, including the use of security testing tools in CI/CD pipelines.
• Contribute to the evaluation, deployment, and tuning of DevSecOps tools such as SAST, DAST, and SCA platforms.
• Help maintain secure deployment workflows and support security automation efforts.
• Participate in cross-functional security reviews of new features and systems with guidance from senior engineers.
• Stay up to date on current security threats, vulnerabilities, and best practices in application security.
• Assist with triaging vulnerabilities from internal scans, bug bounty submissions, or external assessments.
• Document processes and playbooks to support consistent and scalable security practices.
• Provide input to the development of internal security standards and reference architectures.
• Support remediation efforts in collaboration with engineering teams.
• Participate in promoting a security-first culture across the organization.
• Other duties and responsibilities as assigned.

What you will have

• Bachelor’s degree in computer science, cybersecurity, or a related technical field.
• 2+ years of experience in cybersecurity, software engineering, or DevOps, with at least 1+ years focused on application or product security.
• Experience with programming/scripting languages such as Python, JavaScript, or Java.
• Familiarity with DevSecOps tools (SAST, DAST, SCA) and secure SDLC methodologies. - nice to have if they have a solid understanding of common web application vulnerabilities (e.g., OWASP Top 10, CWE).
• Solid understanding of common web application vulnerabilities (e.g., OWASP Top 10, CWE) and remediation strategies.
• Ability to analyze code and spot security issues with guidance.
• Strong communication and collaboration skills.
• Strong attention to detail and willingness to learn new technologies.

Nice to have

• Hands-on experience with CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins).
• Familiarity with security standards and frameworks such as NIST, OWASP SAMM, ISO 27001, or PCI DSS.
• Experience working in a regulated environment (e.g., financial services, healthcare, or government).
• Professional certifications such as Security+, CEH, eJPT, or equivalent (OSCP or similar preferred but not required).
• Exposure to cloud platforms such as AWS, Azure, or GCP.
• Experience contributing to or managing a bug bounty triage process.

Benefits

• Generous time off policies
• Top shelf benefits
• Education, wellness and lifestyle support

#LI-SS1

Job summary

The Trust Operations Analyst will help advance the security operations of DigiCert by identifying potential risks, and threats by performing real-time log analysis. The Trust Operations Analyst will make use of analyses and understanding of exploits and vulnerabilities to maintain and improve DigiCert’s security posture and hygiene. This position will work on security incidents as they arise with the team.

What you will do

• Provide analysis of security threats and problems.
• Management and evaluation of security alerts and detections
• Work through tickets and resolve tickets per defined SLAs
• Participate in Security Incident Response and analysis of incidents
• Assist in the configuration, management, and maintenance of various security related software and systems
• Be able to effectively work within a team, and self-sufficient/self-motivated when assigned solo work
• Willingness to stay current on emerging threats, vulnerabilities, audit framework updates, etc to help protect DigiCert’s systems
• Willingness to evaluate new tools to improve efficiencies in operational processes
• Actively participate in ongoing training and knowledge transfer with team members
• Provide metrics and statistics to management
• Critically assess current practices and provide feedback to management on improvement opportunities
• Understand policies and standards and be capable of conveying those requirements to end users
• Set clear expectations and provide timely follow-up as appropriate
• Provide audit support for Compliance
• Other duties and responsibilities as assigned
• Willing to work incident response as necessary and work with other groups when this occurs

What you will have

• 3+ years of experience in Information Technology or related technical discipline
• Good experience in Network Traffic
• Advanced level of knowledge of Information Security design concepts and principles
• Must have strong written and verbal communication skills
• Customer Service background and good interpersonal and organizational skills
• Ability to perform in depth log analysis
• Ability to work incidents, experience responding to security incidents in the past
• Ability to look at logs and understand the systems that could be affected
• Willingness and ability to obtain CISSP certification if not already completed

Preferred Qualifications

• Master’s degree in a technical discipline
• 2+ years of experience in Information Security
• 2+ years of experience with SIEM technologies (preferably Splunk)
• Experience with cloud-based identity providers, SSO, SAML, etc
• Experience with zScaler products
• Experience with Web Application Firewall and DDoS protection
• Experience with web application security technologies
• Experience with vulnerability management software (preferably Tenable)
• Experience with endpoint detection and response software (CrowdStrike preferred)
• Experience with scripting languages (Python, Go, PHP, Powershell, Bash, etc)
• Experience with Help Desk
• Knowledge of penetration testing practices and principles
• Certified Information Security Professional (CISSP)

Benefits

• Provident Fund
• Medical Aid + Gap Cover
• Employee Assistance Program
• Gym Reimbursement
• Life Insurance
• Disability Insurance

#LI-KK1

__PRESENT

__PRESENT

__PRESENT

__PRESENT

Job summary

We are seeking a Trust Assurance Specialist to join the Trust Office team at DigiCert. This role is responsible for owning defined compliance and assurance areas, including audit execution, control management, and regulatory alignment.

The successful candidate will have a minimum of 5 years of experience in compliance, risk management, or audit, with the ability to independently manage audit and control activities and engage stakeholders across the organization.

This role reports to the Head of Compliance and works closely with cross-functional teams across Security, IT, Legal, and Operations.

What you will do

Audit & Assurance Support

• Own and manage assigned external (e.g., SOC 2, WebTrust) and customer audits
• Plan audit activities, coordinate stakeholders, and ensure timely delivery of evidence
• Track, manage, and drive remediation of audit findings

Regulatory Compliance

• Ensure ongoing compliance within assigned frameworks (e.g., WebTrust for CAs, SOC 2, ISO 27001, NIST)
• Interpret regulatory requirements and ensure controls align with both regulatory expectations and internal policy frameworks 

Control Management

• Design, document, and evaluate controls to ensure effectiveness and compliance
• Perform and oversee control testing within assigned areas
• Identify control gaps and drive remediation efforts

Risk & Governance Support

• Provide input into risk assessments and support broader risk management activities.
• Assist in maintaining compliance documentation and reporting.

Stakeholder Collaboration

• Partner with internal teams (Security, IT, Legal, HR, Operations) to support compliance initiatives.
• Act as a point of contact for audit-related queries within assigned areas.

Continuous Improvement

• Stay informed on relevant regulatory and industry developments.
• Identify opportunities to improve compliance processes, tools, and reporting.

General

• Support a culture of compliance and security awareness across the organization.
• Perform other related duties as assigned.

What you will have

• Bachelor’s degree in Law, Compliance, Information Security, Computer Science, or a related field
• Minimum 5 years of experience in compliance, risk management, audit, or related roles
• Experience managing audits and working with frameworks such as SOC 2, ISO 27001, WebTrust, or NIST
• Experience in control design, documentation, and testing
• Strong analytical and problem-solving skills
• Excellent communication and stakeholder management skills
• Ability to work independently and manage multiple priorities

Nice to have

• Exposure to PKI, cybersecurity, or cloud environments
• Progress toward or attainment of certifications such as CISA, CISM, CRISC, or CISSP

Benefits

• Provident Fund
• Medical Aid + Gap Cover
• Employee Assistance Program
• Gym Reimbursement
• Life Insurance
• Disability Insurance

#LI-KK1

__PRESENT

__PRESENT

__PRESENT

__PRESENT

__PRESENT

Job summary

We are seeking a Risk Manager to join the Trust Office team at DigiCert. This role is responsible for driving the continued development and operation of DigiCert’s risk management program by implementing consistent risk processes, facilitating risk assessments, and supporting effective oversight of operational and technology risks.

The Risk Manager will work closely with cross-functional stakeholders to identify, assess, and manage risk across the organization. The role will also support DigiCert’s Third-Party Risk Management (TPRM) program and contribute to risk reporting and governance activities.

This position reports to the Head of Compliance & Risk and will manage a small team of risk analysts supporting risk management and third-party risk activities.

What you will do

• Support the ongoing development and maturity of DigiCert’s risk management program and associated processes.
• Facilitate risk identification and assessment activities across business and technology functions.
• Maintain and update the centralized risk register, ensuring risks are clearly documented, prioritized, and assigned to accountable owners.
• Work with business leaders to evaluate risk exposure and support the development of practical mitigation strategies.
• Support internal audits, external audits, and regulatory examinations related to risk management practices.
• Assist with the development of risk reporting and dashboards for senior leadership and governance forums.
• Collaborate with Security, IT, Compliance, Legal, and operational teams to identify and address technology and operational risks.
• Support the integration of acquired entities into DigiCert’s risk management framework.
• Support DigiCert’s Third-Party Risk Management (TPRM) program, including vendor risk assessments and ongoing monitoring activities.
• Assist in improving risk processes, documentation, and governance practices to ensure scalability and consistency.
• Own the quality, consistency, and timeliness of risk assessments and risk data
• Ensure effective execution of risk processes across the organization

What you will have

• Bachelor’s degree in Risk Management, Information Security, Business, Law, or a related field.
• 9+ years of experience in risk management, compliance, governance, or related roles.
• Experience supporting risk management programs in technology-focused or regulated organizations.
• Familiarity with risk management frameworks such as ISO 31000, COSO, or NIST.
• Experience supporting risk assessments, risk registers, and risk reporting.
• Experience supporting Third-Party Risk Management (TPRM) processes is preferred.
• Strong analytical and problem-solving skills.
• Strong written and verbal communication skills.
• Ability to collaborate effectively across technical and business teams.
• Relevant certifications such as CRISC, CISA, CISSP, or CISM are beneficial.

Benefits

• Provident Fund
• Medical Aid + Gap Cover
• Employee Assistance Program
• Gym Reimbursement
• Life Insurance
• Disability Insurance

#LI-SD1

__PRESENT

__PRESENT

__PRESENT

Job summary

We are in the market for a highly motivated PKI Systems Engineer, with specialist skills involving Hardware Security Modules (HSMs), PKI and Key Management who has the ability to work effectively with people & technology.

What you will do

• Install and configure various HSMs and associated systems
• Participate in and contribute to risk management, business continuity management, policy review and compliance audits
• Participate in certificate key management
• Assist in deploying, testing, troubleshooting and maintaining high level of performance, uptime and overall integrity of DigiCert’s global, PKI Management systems.
• Continual system performance analysis and capacity planning
• Integrate third party applications as needed
• Provide regular status and track work relating to assigned projects and tasks
• Incident response as needed to resolve system failures and participate in on-call rotation
• Provide recommendations, cross-training, documentation and other support to team members
• Participate in and contribute to the evaluation, design, analysis, installation and maintenance of PKI system architecture 
• Identify ways to improve and streamline processes and procedures
• Generate, verify and monitor OCSP signers and CRL’s for global distribution
• Every task requires attention to detail with security and compliance in mind
• Other duties and responsibilities as assigned

What you will have

• 1+ years PKI / HSM Experience (essential)
• 3+ years of experience in a similar role in the IT industry
• Auditing experience. example: PCI Pin Security standard/ PCI DSS Audit etc. 
• Qualification in Information Technology or related field of study
• Strong problem-solving and troubleshooting skills
• Enterprise systems administration/management experience
• Interpersonal communication skills and emotional maturity
• Team player with positive attitude
• Self-motivated and effective time management skills
• Knowledge of system, network, storage and information security design concepts and principles
• Experience with Agile methodology working in an agile environment
• A security mindset, and strong attention to detail

Nice to have

• OpenSSL, Thales / Gemalto / Luna SA7, EJBCA, HTTP, DNS, SMTP, NTP, Syslog, SSH, Nginx, Salt, Git, Python, Splunk, Active Directory, CentOS, load balancing, 

Benefits

• Generous time off policies
• Top shelf benefits
• Education, wellness and lifestyle support

DigiCert offers a competitive benefits package for all of our full-time employees. 

DigiCert is an Equal Opportunity employer and is committed to diversity in its workforce. In compliance with applicable federal and state laws, DigiCert prohibits discrimination on the basis of race or ethnicity, religion, color, national origin, sex, age, sexual orientation, gender identity/expression, veteran’s status, status as a qualified person with a disability, or genetic information. Individuals from historically underrepresented groups, such as minorities, women, qualified person with disabilities, and protected veterans are strongly encouraged to apply.

Base salary range $103,000.00-$154,400.00 (actual salary offered to a candidate within this range will depend on a variety of factors including relative levels of experience and education, years in this or essentially similar role, market competition, etc.)

#LI-KK1

Job summary

We're looking for a Senior Penetration Testing Engineer to conduct comprehensive security assessments and support our digital trust initiatives. You'll perform hands-on penetration testing across our applications, infrastructure, and services while contributing to our organization's security posture and customer trust commitments.

What you will do

• Help establish and mature our penetration testing program, methodologies, and standard operating procedures
• Build relationships with stakeholders across product, engineering, and compliance teams
• Create detailed testing reports and security recommendations
• Support risk assessment activities and security control validation
• Conduct comprehensive penetration tests against web applications, APIs, and mobile applications
• Perform network penetration testing and infrastructure security assessments
• Execute social engineering assessments and physical security evaluations
• Test cloud environments and containerized applications for security vulnerabilities
• Conduct red team exercises and adversarial simulations
• Perform threat modeling and attack surface analysis for critical systems
• Support digital trust initiatives and regulatory compliance requirements through security validation testing
• Contribute to security certifications, audit processes, and customer trust commitments
• Assess third-party integrations and vendor security postures

What you will have

• 5+ years in penetration testing, ethical hacking, or offensive security
• Previous experience with standing up a penetration testing program
• Strong knowledge of web application security testing (OWASP methodology)
• Experience with network penetration testing tools and techniques
• Proficiency with testing frameworks (Metasploit, Burp Suite, Nmap, etc.)
• Understanding of cloud security across AWS, Azure, or GCP platforms
• Knowledge of compliance frameworks (SOC 2, PCI DSS, ISO 27001)

Nice to have

• Security certifications (OSCP, CISSP, CEH, GPEN, GWEB)
• Background in digital trust, privacy, or regulatory compliance
• Red team or adversarial simulation experience
• Scripting and automation skills (Python, PowerShell, Bash)

Benefits

• Generous time off policies
• Top shelf benefits
• Education, wellness and lifestyle support

#LI-SS1