Security Architect Encryption & Key Management

Detailed Description From Employer:

Title: Solutions Architect Encryption

Location: Remote

Duration: 6 Months+

Responsibilities:

Data Encryption & Protection

• Design and implement enterprise-wide encryption strategies covering data at rest, in transit, and in use.
• Deploy and manage Transparent Data Encryption (TDE) across database platforms including Oracle, SQL Server, and PostgreSQL.
• Implement encryption for storage systems SAN, NAS, object storage, and backup infrastructure ensuring consistent key management and access controls.
• Conduct cryptographic risk assessments and remediation planning across existing systems and infrastructure.

PKI & Key Management

• Architect, deploy, and maintain Public Key Infrastructure (PKI), including CA hierarchies, certificate lifecycle management, and trust policies.
• Administer enterprise key management platforms Azure Key Vault, Oracle Vault, and HSM-backed solutions enforcing key rotation, separation of duties, and audit logging.
• Develop and document key management policies, procedures, and standards aligned with NIST, FIPS 140-2/3, and internal compliance requirements.

Cloud Encryption

• Implement and enforce encryption baselines across Microsoft Azure and Oracle Cloud Infrastructure (OCI), including customer-managed key (CMK) configurations.
• Collaborate with cloud and DevOps teams to embed cryptographic controls natively into cloud-native architectures and deployment pipelines.
• Evaluate and onboard cloud-agnostic key management solutions (e.g. Fortanix DSM) to provide consistent controls across multi-cloud environments.
• Product & Innovation Enablement
• Partner with product managers and engineering teams to embed cryptographic capabilities encryption, tokenization, digital signatures, secure enclaves into new product development from day one.
• Advise on cryptographic protocol selection, key exchange mechanisms, and data protection patterns for customer-facing and internal products.
• Identify opportunities to leverage emerging cryptographic techniques (e.g. homomorphic encryption, confidential computing) to create competitive product differentiation.
• Autonomous Delivery & Documentation
• Independently manage end-to-end delivery of cryptographic projects from scoping and architecture through implementation, testing, and handover.
• Produce technical design documents, runbooks, and SOPs that enable operational continuity and knowledge transfer.
• Stay current with evolving cryptographic standards, vulnerabilities (e.g. algorithm deprecations), and industry best practices, proactively acting on findings.

Qualifications:

• Core Cryptography & Encryption (Required)
• 5+ years of hands-on experience in cryptography engineering or information security, with a focus on applied encryption.
• Strong theoretical and practical knowledge of cryptographic primitives: AES, RSA, ECC, SHA-2/3, TLS 1.2/1.3