All Jobs Vacancy

Cryptography Solutions Architect

Posted 3 days ago by Lorien

Summary: The Cryptography Solutions Architect role involves designing and implementing cryptographic key management solutions for an insurance client on a 6-month contract. The position requires expertise in cryptography, regulatory compliance, and collaboration with engineering teams to ensure secure implementations. The role is classified as inside IR35 and offers a hybrid working arrangement.

Key Responsibilities:

  • Design and implement cryptographic key management solutions, ensuring key ownership (HYOK, BYOK) is aligned to risk appetite, covering HSMs, cloud key services (Azure Key Vault, AWS KMS, GCP Cloud KMS), KMaaS, and on-premises key stores.
  • Shape the key sovereignty and crypto-agility and post-quantum readiness strategies for algorithm deprecation and PQC adoption.
  • Align cryptographic controls with regulatory requirements, data sovereignty, data classification & Zero Trust principles, and key sovereignty (BYOK/HYOK/DKE patterns).
  • Produce high-quality architecture artefacts: HLDs, LLDs, reference architecture, architecture decision records (ADRs), design patterns, standards, key hierarchy models, TIME models, technology radars to support engineering and platform teams.
  • Provide SME leadership to support vendor engagement, RFP and technical evaluations, proof-of-value, and architecture assessment for new products and services.
  • Assess the architectural implications of emerging cryptographic technologies and standards (eg NIST PQC outputs, homomorphic encryption, MPC), providing informed recommendations on adoption and transition pathways.
  • Collaborate with Engineering, Platform & Operations teams to ensure architectural patterns are translated into practical, operable implementations, consistently Embedded into development pipelines, CI/CD workflows, and infrastructure-as-code, promoting a secure-by-design and automation-first culture.
  • Embed cryptography governance and controls in designs, adhering to Cryptography Standards and aligning with NIST, FIPS, ISO27001/2, SOC2, DORA, HIPPA, PCI DSS, and relevant financial services and privacy regulations.

Key Skills:

  • Advanced knowledge of applied cryptography, encryption technologies (including PGP/GPG), key management including cloud-native KMS (Azure/AWS/OCI/GCP), HashiCorp, KMaaS, HSMs, certificates and security protocols.
  • Thorough knowledge and implementation experience automating key life cycle management, deploying key ownership models (ie BYOK/HYOK), key-sovereignty, and key governance tools across hybrid environments (including Azure, AWS, OCI, GCP).
  • Experience with encryption-in-use models and key management specifics.
  • Proven experience building crypto-agility (library baselines, cipher suite standards, algorithm rollout/deprecation) and PQC awareness with pragmatic migration planning.
  • Experience working with cloud infrastructure and microservices (Azure, AWS, OCI), and networking services.
  • Deep understanding of cryptographic algorithms, protocols, and standards, including symmetric and asymmetric cryptography, hashing, digital signatures, and key exchange mechanisms.
  • Broad knowledge of regulatory and controls/frameworks in industry (NIST, FIPS, ISO, IETF, PCI, SOC, CSF, ISO27001, DORA, GDPR, SABSA/TOGAF)
  • Ability to translate cryptographic policy and standards into practical, secure-by-design architecture patterns and engineering-ready solution designs.
  • Experience engaging with engineering, platform, security, and risk teams to embed cryptographic best practices across the technology delivery life cycle.

Salary (Rate): undetermined

City: London

Country: UK

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Cryptography Solutions Architect

We are currently recruiting for a Cryptography Solutions Architect with Venafi experience to join one of our Insurance clients on a 6-month contract.

Inside IR35

Hybrid

Key Responsibilities

  • Design and implement cryptographic key management solutions, ensuring key ownership (HYOK, BYOK) is aligned to risk appetite, covering HSMs, cloud key services (Azure Key Vault, AWS KMS, GCP Cloud KMS), KMaaS, and on-premises key stores.
  • Shape the key sovereignty and crypto-agility and post-quantum readiness strategies for algorithm deprecation and PQC adoption.
  • Align cryptographic controls with regulatory requirements, data sovereignty, data classification & Zero Trust principles, and key sovereignty (BYOK/HYOK/DKE patterns).
  • Produce high-quality architecture artefacts: HLDs, LLDs, reference architecture, architecture decision records (ADRs), design patterns, standards, key hierarchy models, TIME models, technology radars to support engineering and platform teams.
  • Provide SME leadership to support vendor engagement, RFP and technical evaluations, proof-of-value, and architecture assessment for new products and services.
  • Assess the architectural implications of emerging cryptographic technologies and standards (eg NIST PQC outputs, homomorphic encryption, MPC), providing informed recommendations on adoption and transition pathways.
  • Collaborate with Engineering, Platform & Operations teams to ensure architectural patterns are translated into practical, operable implementations, consistently Embedded into development pipelines, CI/CD workflows, and infrastructure-as-code, promoting a secure-by-design and automation-first culture.
  • Embed cryptography governance and controls in designs, adhering to Cryptography Standards and aligning with NIST, FIPS, ISO27001/2, SOC2, DORA, HIPPA, PCI DSS, and relevant financial services and privacy regulations.

Experience

  • Advanced knowledge of applied cryptography, encryption technologies (including PGP/GPG), key management including cloud-native KMS (Azure/AWS/OCI/GCP), HashiCorp, KMaaS, HSMs, certificates and security protocols.
  • Thorough knowledge and implementation experience automating key life cycle management, deploying key ownership models (ie BYOK/HYOK), key-sovereignty, and key governance tools across hybrid environments (including Azure, AWS, OCI, GCP).
  • Experience with encryption-in-use models and key management specifics.
  • Proven experience building crypto-agility (library baselines, cipher suite standards, algorithm rollout/deprecation) and PQC awareness with pragmatic migration planning.
  • Experience working with cloud infrastructure and microservices (Azure, AWS, OCI), and networking services.
  • Deep understanding of cryptographic algorithms, protocols, and standards, including symmetric and asymmetric cryptography, hashing, digital signatures, and key exchange mechanisms.
  • Broad knowledge of regulatory and controls/frameworks in industry (NIST, FIPS, ISO, IETF, PCI, SOC, CSF, ISO27001, DORA, GDPR, SABSA/TOGAF)
  • Ability to translate cryptographic policy and standards into practical, secure-by-design architecture patterns and engineering-ready solution designs.
  • Experience engaging with engineering, platform, security, and risk teams to embed cryptographic best practices across the technology delivery life cycle.

Desirable Experience

  • Familiarity with post-quantum cryptographic algorithms and enterprise hybrid transition approaches.
  • Experience with emerging cryptographic techniques ie homomorphic encryption, multi-party computation (MPC), threshold cryptography, trusted execution environments (TEEs).
  • Familiarity with cryptographic considerations in DevSecOps pipelines, including secrets management, certificate automation, and policy-as-code.
  • Thorough knowledge of traditional platform delivery approaches, technologies and op models, and a thorough appreciation of the capabilities of the major cloud platforms (Azure, AWS, GCP and OCI).

Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy.

Rate:
£0/year
Location:
London
IR35 Status:
Inside
Remote Status:
Hybrid
Industry:
IT
Seniority Level:
Not Specified

Take-Home Pay

Not Available

Visit calculators for additional details

Create a free account to view the take-home pay for this contract

Share job