Cloud Security Engineer

Cloud Security Engineer

Inside IR35, £550

Fully remote

ASAP start, short term contract through till end of June 2026

The Role

We are looking for an experienced Cloud Security Engineer (Azure PKI) to take a hands-on role in delivering a pre-defined enterprise PKI solution.

You'll be responsible for implementing and integrating PKI capabilities within Azure, enabling secure certificate lifecycle management, and supporting the onboarding of workloads across key platforms.

This is a delivery-focused, hands-on role, ideal for someone with deep expertise in Azure Key Vault, PKI, and certificate automation.

Key Responsibilities

Implement and integrate an enterprise PKI solution (e.g. DigiCert or equivalent) within Azure
Configure Azure Key Vault for certificate and key management (RBAC, private endpoints, rotation)
Enable certificate lifecycle management including issuance, renewal, and automation
Support TLS enforcement and mTLS implementation across services
Integrate certificates into Azure services and CI/CD pipelines
Support secure onboarding of platforms including AKS, App Gateway, and APIs
Assess and support hybrid PKI integration (where applicable)
Define and enforce certificate governance standards (e.g. no self-signed certs, revocation policies, auditing)
Produce clear, client-ready documentation and implementation standards

Core Skills & Experience

Strong experience with Azure Key Vault (certificates, keys, RBAC)
Deep understanding of PKI fundamentals (CA hierarchy, CRL/OCSP, certificate issuance & revocation)
Proven experience in certificate lifecycle automation
Strong knowledge of TLS / mTLS implementation
Experience integrating security into cloud platforms and CI/CD pipelines

Nice to Have

Experience with DigiCert or similar enterprise PKI providers
Exposure to AKS, Application Gateway, and API security
Understanding of hybrid PKI environments (e.g. AD CS integration)