Role - AWS Security Consultant
Key Responsibilities
· Lead the design and implementation of secure AWS architectures for large-scale, internet-facing systems, ensuring security controls are embedded throughout the solution lifecycle.
· Define and implement encryption strategies across AWS services, including database field-level encryption, client-side encryption, server-side encryption, key management, and cryptographic controls for sensitive data.
· Provide technical leadership on AWS security services including AWS KMS, CloudHSM, IAM, Secrets Manager, GuardDuty, Security Hub, WAF, Shield, and CloudTrail.
· Develop security architecture patterns and standards covering authentication, authorisation, network security, data protection, secure API design, and public/private key cryptography.
· Work closely with engineering, platform, and delivery teams to review designs, perform threat modelling, and ensure security requirements are implemented in line with public sector and government security standards.
Essential Requirements
· Active security clearance (or eligibility to obtain and maintain clearance) with experience delivering security architecture within government, public sector, or similarly regulated environments.
· Strong hands-on AWS security architecture experience, including deep knowledge of AWS encryption mechanisms, AWS KMS, customer-managed keys, key rotation, envelope encryption, and cryptographic best practices.
· Demonstrable expertise in database and application-level encryption, including field-level encryption, client-side encryption, server-side encryption, and a clear understanding of the differences, use cases, and security implications of each approach.
· Strong understanding of asymmetric and symmetric cryptography, including public/private key infrastructure (PKI), certificate management, digital signatures, and secure key exchange principles.
· Proven ability to design security controls for internet-facing systems, including identity and access management, network segmentation, API security, secrets management, monitoring, logging, and threat detection within AWS environments.
Candidates will be expected to demonstrate detailed technical knowledge of AWS encryption patterns, including Client-Side Field Level Encryption (CSFLE), Server-Side Encryption (SSE), envelope encryption, AWS KMS integration, and the practical implementation of cryptographic controls within cloud-native applications.