Exciting opportunity for a skilled technician with excellent interpersonal skills who is able to learn and adapt to work across both legacy and new technologies as part of a live system transitioned programme. • Design and architect enterprise-grade PKI solutions (including internal/external CA, OCSP, CRL, HSM integration). • Develop and enforce policies, standards, and procedures for digital certificate lifecycle management. • Implement and maintain Certificate Authorities (CAs), Registration Authorities (RAs), and associated infrastructure. • Ensure secure deployment and configuration of PKI across enterprise systems, endpoints, applications, and devices (including IoT and mobile). • Collaborate with IDAM, DevOps, and cloud security teams to integrate PKI with broader identity and security architectures. • Provide technical leadership in incident response and troubleshooting related to certificates and encryption. • Stay current with industry standards, compliance requirements (e.g., NIST, FIPS, ISO 27001), and emerging cryptographic technologies (e.g., quantum-safe cryptography) • Document when required all architectures, policies, procedures, and system configurations related to PKI. • Provide mentoring and knowledge transfer to junior members of the team and other stakeholders. Required Qualifications: • Degree in computer science, Information Security, or a related field. • Significant years of experience in IT Security or Infrastructure with at least 3 years in PKI architecture and management. • Deep knowledge of PKI components: CAs, HSMs, OCSP, CRLs, SCEP, etc. • Hands-on experience with tools such as Microsoft ADCS, Thales HSM’s (Luna etc ), DigiCert, OpenSSL. • Familiarity with certificate usage in TLS, S/MIME, code signing, document signing, VPN, smart cards, and secure email. • Understanding of encryption algorithms (RSA, ECC, AES), hash functions (SHA-2, SHA-3), and key management practices. • Experience in designing secure architectures in hybrid or cloud environments (e.g., AWS, Azure). • Knowledge of compliance and regulatory standards such as PCI DSS, HIPAA, SOX, GDPR, NIST 800-53. Preferred Qualifications: • Certifications: CISSP, CISM, CEH, GIAC, Microsoft Certified: Identity and Access, or other IDAM equivalent Technologies. • Experience with Zero Trust Architecture and Identity Federation. • Exposure to quantum-safe cryptography principles and roadmaps (Not Essential) Soft Skills: • Strong analytical, problem-solving and communication skills. • Ability to manage competing priorities in a fast-paced environment. • Team player with the ability to lead cross-functional teams. Please note: It’s still worth applying even if you do not meet all the requirements above. We are passionate about investing in you and your career and if you have the transferable skills/ background with PKI and the ability to obtain a high level of UK Security clearance this could be the next opportunity for you.