Cloud Security Engineer

Cloud Security Engineer

Inside IR35, £550

Fully remote

ASAP start, short term contract through till end of June 2026

The Role

We are looking for an experienced Cloud Security Engineer (Azure PKI) to take a hands-on role in delivering a pre-defined enterprise PKI solution.

You'll be responsible for implementing and integrating PKI capabilities within Azure, enabling secure certificate lifecycle management, and supporting the onboarding of workloads across key platforms.

This is a delivery-focused, hands-on role, ideal for someone with deep expertise in Azure Key Vault, PKI, and certificate automation. Key Responsibilities

Implement and integrate an enterprise PKI solution (e.g. DigiCert or equivalent) within Azure

Configure Azure Key Vault for certificate and key management (RBAC, private endpoints, rotation)

Enable certificate lifecycle management including issuance, renewal, and automation

Support TLS enforcement and mTLS implementation across services

Integrate certificates into Azure services and CI/CD pipelines

Support secure onboarding of platforms including AKS, App Gateway, and APIs

Assess and support hybrid PKI integration (where applicable)

Define and enforce certificate governance standards (e.g. no self-signed certs, revocation policies, auditing)

Produce clear, client-ready documentation and implementation standards

Core Skills & Experience

Strong experience with Azure Key Vault (certificates, keys, RBAC)

Deep understanding of PKI fundamentals (CA hierarchy, CRL/OCSP, certificate issuance & revocation)

Proven experience in certificate lifecycle automation

Strong knowledge of TLS / mTLS implementation

Experience integrating security into cloud platforms and CI/CD pipelines

Nice to Have

Experience with DigiCert or similar enterprise PKI providers

Exposure to AKS, Application Gateway, and API security

Understanding of hybrid PKI environments (e.g. AD CS integration)