About PepsiCo

PepsiCo is one of the world's leading food and beverage companies, with a diverse portfolio that includes iconic brands like Pepsi, Gatorade, Lay's, Quaker, and Tropicana. Operating in over 200 countries, PepsiCo employs over 300,000 people globally and generates annual revenues exceeding $86 billion. At PepsiCo, innovation drives everything—from sustainable packaging to digital transformation. Our Global Identity and Access Management (IAM) team plays a critical role in securing our vast digital ecosystem, ensuring robust protection for our operations worldwide. Joining PepsiCo means contributing to a company committed to positive change, including net-zero emissions by 2040 and healthier food options.

Role Overview

The PKI Architect – Identity & Access Management role is a pivotal position within PepsiCo’s Global IAM team, based at our FLNA headquarters in Plano, Texas. This hands-on expert will own enterprise PKI platforms, including Microsoft Active Directory Certificate Services (AD CS), public CAs like DigiCert and Entrust, and certificate lifecycle management tools. You'll design, deploy, and operate PKI services supporting global digital certificates, cryptography, non-human identity (NHI) management, and encryption needs. As the go-to SME for certificate-based trust and automation, you'll balance strategic engineering with daily operations, preventing outages and enabling secure digital trust across hybrid environments.

Why This Role Matters at PepsiCo

In a world of increasing cyber threats, PKI is the backbone of secure communications. At PepsiCo, you'll safeguard supply chains, cloud infrastructures, and SaaS applications, directly impacting business continuity and innovation.

Key Responsibilities

This role demands end-to-end ownership of PKI operations. Key duties include:

• Engineering PKI designs and cross-functional integrations for global environments.
• Assisting users with SSL certificate requests, issuance, and provisioning to AWS, Java JKS, Windows servers, IIS, Apache, Tomcat, Azure Key Vault, and F5 load balancers.
• Managing NHI discovery, incidents, alerts, and service requests via ITSM tools like ServiceNow.
• Issuing internal/external CA certificates, domain management for Entrust SSL, CSR generation, and format conversions using OpenSSL.
• Tracking certificate expiries, sending proactive notifications, and preparing weekly/monthly reports on tickets and alerts.
• Configuring AD CS, CRL, OCSP services; managing Thales HSM; and maintaining CPS, architecture, and runbooks.
• Collaborating with stakeholders, collecting feedback, and ensuring seamless handoffs.

Qualifications & Requirements

To succeed, candidates need:

• Bachelor’s degree in technology or engineering.
• 12+ years in IT/security; 10+ years in PKI, cryptography/encryption, NHI, and EKCLM.
• In-depth knowledge of AD CS, CRL/OCSP, cryptographic protocols, certificate auth, and device trust.
• Hands-on with public CAs, CLM tools (Venafi, AppviewX, Keyfactor), Thales HSM, Azure/AWS PKI/SaaS.
• Proficiency in PowerShell scripting, API automation, Active Directory, and ITSM processes (request, incident, change management).
• Strong teamwork, leadership, multicultural collaboration, and communication skills.

Mandatory Skills Highlights

Expertise in cloud platforms, scripting, and non-tech abilities like stakeholder management are essential for this high-impact role.

Benefits & Perks

PepsiCo offers a total rewards package designed for well-being and growth:

• Salary range: $93,500 - $156,450 USD, based on experience/location.
• 10% annual performance bonus.
• Comprehensive health benefits: medical, dental, vision, disability, FSA/HSA.
• Generous PTO: vacation, sick, parental leave, bereavement.
• Retirement savings with company match, EAP, accident/life insurance, legal support.
• Hybrid work options at Plano HQ, professional development, and global exposure.

Career Growth

PepsiCo invests in talent through leadership programs, certifications (e.g., CISSP, PKI-specific), and rotations across IAM, cybersecurity, and cloud teams. Advance to Senior Architect, IAM Director, or global security leadership. Our multicultural environment fosters mentorship and innovation, with 90% internal promotions in tech roles.

Why Join Us

Be part of PepsiCo's digital transformation in Plano, TX—a vibrant tech hub. Enjoy stability, impact, and perks in a collaborative culture. Secure the future of a global giant while advancing your PKI expertise. PepsiCo values diversity, equity, and inclusion, offering equal opportunities for all.

Role FAQs

Q: Is this a remote role? Primarily on-site at Plano, TX, with hybrid flexibility.
Q: What tools will I use? AD CS, Venafi/Keyfactor, ServiceNow, PowerShell, OpenSSL, AWS/Azure.
Q: Experience level? Senior-level with 10+ years PKI.
Q: Bonus details? 10% target, performance-based, annual payout.
Q: How to apply? Connect with our recruiter for personalized salary discussion.