Role description:
Looking for an experienced AWS HSM SME (Hardware Security Module Subject Matter Expert) to support the implementation of Microsoft Active Directory Certificate Services (ADCS) Public Key Infrastructure (PKI). This role will be responsible for designing, deploying, and managing AWS CloudHSM and integrating it with PKI infrastructure to ensure a secure and scalable cryptographic environment.
The ideal candidate should have deep expertise in AWS CloudHSM, key management, and encryption practices, along with a strong understanding of PKI implementations, digital certificates, and compliance requirements.
Key responsibilities:
AWS HSM & PKI Implementation:
1. Architect, deploy, and configure AWS CloudHSM to support Microsoft ADCS PKI.
2. Integrate AWS CloudHSM with certificate authorities (CAs), OCSP responders, and CRL management.
3. Design and manage key lifecycle policies, including generation, storage, rotation, and decommissioning.
4. Implement secure certificate issuance, revocation, and validation processes.
5. Ensure high availability and failover strategies for HSM deployments.
6. Provide technical guidance on cryptographic algorithms, encryption protocols, and PKI best practices.
Security & Compliance:
1. Ensure HSM and PKI implementation aligns with FIPS 140-2 Level 3, NIST 800-57, ISO 27001, SOC2, GDPR, and other industry standards.
2. Implement role-based access control (RBAC) and audit logging for key usage and management.
3. Perform risk assessments, security reviews, and compliance reporting for AWS HSM and PKI.
4. Collaborate with security teams to enforce cloud security best practices and IAM policies.
Technical Support & Optimisation:
1. Troubleshoot cryptographic operations, certificate issues, and key management challenges.
2. Work with cross-functional teams to optimise AWS HSM performance, security, and scalability.
3. Automate PKI workflows, certificate issuance, and key management where applicable.
4. Document designs, configurations, and operational procedures for AWS CloudHSM and PKI.
Key skills/knowledge/experience:
AWS & HSM Expertise:
1. 8+ years of experience in AWS CloudHSM, AWS KMS, and cryptographic key management.
2. Deep expertise in HSM architecture, security policies, and key lifecycle management.
3. Hands-on experience with AWS security services (IAM, EC2, VPC, CloudTrail, KMS, AWS Organizations, etc.).
4. Understanding of FIPS-compliant cryptographic standards and certificate lifecycle management.
PKI & Cryptography Knowledge:
1. Strong knowledge of Microsoft ADCS PKI, X.509 certificates, CA hierarchy, and OCSP/CRL management.
2. Experience with TLS/SSL encryption, authentication protocols, and certificate-based security models.
3. Familiarity with PKI integration in cloud and hybrid enterprise environments.
Security & Compliance:
1. Experience implementing security controls aligned with regulatory standards (e.g., ISO 27001, NIST 800-57, GDPR).
2. Understanding of cryptographic key usage policies, data protection, and cloud security best practices.
Person specification:
1. Good communication skills and stakeholder management skills.
2. Good team player.