Overlay Main Banner

Cryptography Solutions Architect

Job Type
Contract/Temporary
Location
London
Salary
Negotiable
Job Ref
BBBH185988_1783607322
Date Added
July 9th, 2026
Consultant
Vanessa Rodrigues

Cryptography Solutions Architect

We are currently recruiting for a Cryptography Solutions Architect with Venafi experience to

join one of our Insurance clients on a 6-month contract.

Inside IR35

Hybrid

Key Responsibilities

  • Design and implement cryptographic key management solutions, ensuring key ownership (HYOK, BYOK) is aligned to risk appetite, covering HSMs, cloud key services (Azure Key Vault, AWS KMS, GCP Cloud KMS), KMaaS, and on-premises key stores.
  • Shape the key sovereignty and crypto-agility and post-quantum readiness strategies for algorithm deprecation and PQC adoption.
  • Align cryptographic controls with regulatory requirements, data sovereignty, data classification & Zero Trust principles, and key sovereignty (BYOK/HYOK/DKE patterns).
  • Produce high-quality architecture artefacts: HLDs, LLDs, reference architecture, architecture decision records (ADRs), design patterns, standards, key hierarchy models, TIME models, technology radars to support engineering and platform teams.
  • Provide SME leadership to support vendor engagement, RFP and technical evaluations, proof-of-value, and architecture assessment for new products and services.
  • Assess the architectural implications of emerging cryptographic technologies and standards (e.g. NIST PQC outputs, homomorphic encryption, MPC), providing informed recommendations on adoption and transition pathways.
  • Collaborate with Engineering, Platform & Operations teams to ensure architectural patterns are translated into practical, operable implementations, consistently embedded into development pipelines, CI/CD workflows, and infrastructure-as-code, promoting a secure-by-design and automation-first culture.
  • Embed cryptography governance and controls in designs, adhering to Cryptography Standards and aligning with NIST, FIPS, ISO27001/2, SOC2, DORA, HIPPA, PCI DSS, and relevant financial services and privacy regulations.

Experience

  • Advanced knowledge of applied cryptography, encryption technologies (including PGP/GPG), key management including cloud-native KMS (Azure/AWS/OCI/GCP), HashiCorp, KMaaS , HSMs, certificates and security protocols.
  • Thorough knowledge and implementation experience automating key lifecycle management, deploying key ownership models (i.e. BYOK/HYOK), key-sovereignty, and key governance tools across hybrid environments (including Azure, AWS, OCI, GCP).
  • Experience with encryption-in-use models and key management specifics.
  • Proven experience building crypto-agility (library baselines, cipher suite standards, algorithm rollout/deprecation) and PQC awareness with pragmatic migration planning.
  • Experience working with cloud infrastructure and microservices (Azure, AWS, OCI), and networking services.
  • Deep understanding of cryptographic algorithms, protocols, and standards, including symmetric and asymmetric cryptography, hashing, digital signatures, and key exchange mechanisms.
  • Broad knowledge of regulatory and controls/frameworks in industry (NIST, FIPS, ISO, IETF, PCI, SOC, CSF, ISO27001, DORA, GDPR, SABSA/TOGAF)
  • Ability to translate cryptographic policy and standards into practical, secure-by-design architecture patterns and engineering-ready solution designs.
  • Experience engaging with engineering, platform, security, and risk teams to embed cryptographic best practices across the technology delivery lifecycle.

Desirable Experience

  • Familiarity with post-quantum cryptographic algorithms and enterprise hybrid transition approaches.
  • Experience with emerging cryptographic techniques i.e. homomorphic encryption, multi-party computation (MPC), threshold cryptography, trusted execution environments (TEEs).
  • Familiarity with cryptographic considerations in DevSecOps pipelines, including secrets management, certificate automation, and policy-as-code.
  • Thorough knowledge of traditional platform delivery approaches, technologies and op models, and a thorough appreciation of the capabilities of the major cloud platforms (Azure, AWS, GCP and OCI).

Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy.

Similar Jobs

Apply to this Job


Share this Job