Cloud Security Engineer

Cloud Security Engineer

Inside IR35, £550

Fully remote

ASAP start, short term contract through till end of June 2026

The Role

We are looking for an experienced Cloud Security Engineer (Azure PKI) to take a hands-on role in delivering a pre-defined enterprise PKI solution.

You'll be responsible for implementing and integrating PKI capabilities within Azure, enabling secure certificate lifecycle management, and supporting the onboarding of workloads across key platforms.

This is a delivery-focused, hands-on role, ideal for someone with deep expertise in Azure Key Vault, PKI, and certificate automation.

Key Responsibilities

• Implement and integrate an enterprise PKI solution (e.g. DigiCert or equivalent) within Azure
• Configure Azure Key Vault for certificate and key management (RBAC, private endpoints, rotation)
• Enable certificate lifecycle management including issuance, renewal, and automation
• Support TLS enforcement and mTLS implementation across services
• Integrate certificates into Azure services and CI/CD pipelines
• Support secure onboarding of platforms including AKS, App Gateway, and APIs
• Assess and support hybrid PKI integration (where applicable)
• Define and enforce certificate governance standards (e.g. no self-signed certs, revocation policies, auditing)
• Produce clear, client-ready documentation and implementation standards

Core Skills & Experience

• Strong experience with Azure Key Vault (certificates, keys, RBAC)
• Deep understanding of PKI fundamentals (CA hierarchy, CRL/OCSP, certificate issuance & revocation)
• Proven experience in certificate lifecycle automation
• Strong knowledge of TLS / mTLS implementation
• Experience integrating security into cloud platforms and CI/CD pipelines

Nice to Have

• Experience with DigiCert or similar enterprise PKI providers
• Exposure to AKS, Application Gateway, and API security
• Understanding of hybrid PKI environments (e.g. AD CS integration)