As a Senior Security Architect, I design and implement enterprise security solutions to protect organizations from cyber threats, data breaches, and compliance risks. With over 12 years of experience, I specialize in Public Key Infrastructure (PKI), cryptographic security, cloud security, and identity management. My expertise spans HSM integration, Active Directory security, endpoint protection, and compliance with PCI DSS, NIST, and enterprise security frameworks.
I have led large-scale PKI deployments, including LDAPS migrations, certificate lifecycle management, and secure authentication implementations. I have extensive experience working with HSMs (Thales Luna, Gemalto, HPE, Azure Key Vault), cloud-native key management, and cryptographic operations. My role involves architecting secure certificate automation workflows using Terraform, AWS Lambda, and API integrations, ensuring seamless certificate enrollment through ACME, SCEP, and enterprise CA services.
Experience Highlights:
- Security Architecture & PKI Engineering – Design and implement enterprise PKI solutions, certificate automation, and cryptographic security policies.
- HSM & Key Management – Deploy and migrate hardware-based HSMs to cloud-based HSMs, ensuring key protection, cryptographic integrity, and compliance adherence.
- Identity & Access Management (IAM) – Secure Active Directory, LDAP, and authentication services, ensuring strong access controls and encryption policies.
- Cloud Security & Compliance – Support cloud security architectures, encryption strategies, and compliance with PCI DSS, NIST, and regulatory frameworks.
- Threat Management & Incident Response – Collaborate with SOC teams on cryptographic security incidents, certificate revocations, and key compromise events.
- Security Automation & DevSecOps – Develop automated certificate management workflows integrating Terraform, AWS Lambda, and API Gateways.
- Zero Trust & Network Security – Expertise in SASE, CSPM, CNAPP, XDR, Next-Gen Firewalls, SD-WAN, CASB, SWG, and modern cloud security architectures.
- Security Consulting & Governance – Work closely with clients and stakeholders to support cloud migration, automation, and network transformation.
I am passionate about advancing enterprise security, driving cryptographic best practices, and ensuring secure digital transformation for businesses.
Lead PKI and Certificate Automation: Architect and maintain Xpki SaaS-based PKI with automated certificate management using Terraform, AWS Lambda, and Python.
HSM Administration: Manage and integrate Thales Luna HSM for secure key storage, signing operations, and compliance with cryptographic policies.
Enterprise Certificate Lifecycle Management: Oversee ACME, SCEP, and custom enrollment workflows for Windows, Linux, and cloud-native environments.
Compliance & Security Standards: Ensure PCI DSS, NIST, and enterprise security policies compliance in cryptographic implementations.
Automated Workflows & Governance: Implement ServiceNow-based approval workflows for certificate issuance, enforcing governance and policy adherence.
API Gateway & Secure Proxy Development: Design a secure certificate issuance proxy integrated with Akamai and AWS API Gateway, handling ACME-based certificate enrollments.
Incident Response & Key Management: Support cryptographic incident investigations, key rotations, and security hardening of PKI environments.
Cloud Security & Encryption Strategies: Collaborate with security and DevOps teams to enhance encryption, key management, and cryptographic best practices across cloud and hybrid environments.
PKI, IDAM, network transformation SASE, Cloud security High Level Design to Low Level Design and implementation.
Working with key PKI technologies such as EJBCA PKI, AppViewX+ Certificate Lifecycle, Microsoft Active Directory Certificate Services, AWS Private CA, including Thales Luna Hardware Security Modules (HSMs)
Sharing Domain knowledge and experience on associated cryptographic protocols, services, and standards
Helping on PKI implementation processes along with PKI integrations, CMP, SCEP, EST, ACME, REST API and other certificate enrolment practices
Multiple customers Certificate Life Cycle management/operations and automation certificate deployment example - Venafi, AppViewX Cert+, EJBCA, Entrust, GlobalSign, Sectigo and Comodo
SME+Architecture level work with DNS, Active Directory, ADCS, CRL, OCSP
Streamline certificate request and issuance processes integrating to ServiceNow automation
Hands on experience with:
Automating Domain process using Scripts / PowerShell scripting.
Public Key Infrastructure (PKI) Technologies
Certificate Enrollment using Web Services and Web Enrollment using IIS.
Key Recovery Agent and Data Recovery Agent.
Encrypted File Services (EFS)
Network Device Enrollment Services and Smart Card Authentication.
Online Certificate Status Protocol (OCSP).
Worked on Implementation and installation of Public Key Infrastructure.
Worked on Disaster Recovery of Public Key Infrastructure.
Thales HSMs
Linux command line/ Windows server management
Apache, IIS - application expertise
Knowledge of networking technologies, internetworking devices and protocols like TCP/IP, HTTP, SSL/TLS, DNS, SMTP etc. is mandatory.
A proactive approach to spotting problems, areas for improvement, and fixing performance bottlenecks.
Creating complex technical designs and diagrams using diagram and vector graphics applications (Visio, Lucidchart, etc.)
Exceptional communication skills, both oral and written, coupled with excellent listening skills
As the Security Technical Architect I was responsible for the architecture, design, and testing of the security designs of public and private cloud infrastructure for end-to-end solutions aligned to the organizational standards. I worked with very reputed customers like British Petroleum (BP UK), E.O.N (UK), RWE (UK), INNOGY (Germany). Below is a summary of my involvement, where I was also involved in bridging the gap between business and technology, managing resources, running evaluations, and driving technical solutions to timely completion. The role also required working closely with a wide variety of customer teams, from senior managers to development team, vendors, infrastructure teams and business representatives, to generate appropriate results and help the business understand the solutions and their impact on operations.
• Risk-based architecture and design using vulnerability analysis.
• Identity management, user provisioning, entitlements, access control, authentication, and authorisation.
• Infrastructure architecture including Kubernetes/Docker, Layer 3/4/7 Firewalls, Directory Services, Application Delivery
Controllers, Gateways, DNS and Proxies.
• Securing applications, databases, middleware, networks and infrastructure.
prevention.
• Implementing cryptographic algorithms and PKI technologies implemented in software and hardware for data-at-rest and data-in-transit.
• Delivering security solution architecture from end-to-end.
• Implementing best practices for monitoring, security, and deployment.
• Working as part of Development and project life cycles, including Agile methods.
• Creating HLD and LLD for Active Directory and PKI
• Writing SOP and giving handover to BAU team along with technology training.
• Active Directory and server hardening using GPO
• Installing and configuring Quest or ADMT for entire migration.
Worked as Support engineer and Technical lead, providing voice-based technical support to global customers and troubleshooting Windows Server 2003, 2003 R2, 2008, 2008 R2, 2012 and 2012 R2. Leading and helping other team members to be successful in their roles too.
• Hands on experience of Group policy Management and Troubleshooting
• Managing Active Directory domain on Windows Server Operating System Platforms.
• Managing DFS and FRS, Implementation of Child, Tree and Additional Domain Controllers
• Managing Trust Relationships between domains; Troubleshooting Kerberos and other Authentication Issues.
• Active Directory Certificate Services and Troubleshooting
• Certificate Enrolment using Web Services and Web Enrolment using IIS.
• Key Recovery Agent and Data Recovery Agent.
• Encrypted File Services (EFS), Network Device Enrolment Services and Smart Card Authentication.
• Online Certificate Status Protocol (OCSP).
• Managing and reviewing cases of team, helping on cases where engineers have a technical roadblock
• Helping management with daily case closure and other data.
• Providing training for Microsoft PKI.
• Helping in recruitment of new engineers. Helping engineers in data analysis and RCA.
• Worked on Implementation and installation of Public Key Infrastructure. Worked on Disaster Recovery of Public Key Infrastructure
I worked with BM Daksh as voice-based technical support engineer focused on Virgin Media broadband. It required a lot of process and technical depth and problem-solving skills. Helping customers and resolving issues in a timely manner is my key strength, and I am grateful for this start of experience, which made best use of my customer skills too.
AZ 900 Microsoft
Azure Fundamental
AZ 104 Microsoft
Azure Administrator Associate
MCP, MCSA, MCSE Microsoft
Windows Server 2012 administration + Identity and Access Administrator Associate
PSE-Professional Prisma SASE, Prisma Cloud Palo Alto Networks
Palo Alto Networks Systems Engineer (PSE) professional for Prisma SASE and Prisma Cloud
CCSP Cert Prep: The Basics LinkedIn
Completed full CCSP exam prep course with practice assessment successfully completed