AWS HSM SME - 6 months - Hybrid (Luton) - Inside IR35

Hamilton Barnes is currently seeking an experienced AWS HSM SME (Hardware Security Module Subject Matter Expert) to join a market leading organisation. In this role, you will play a key part in the end-end implementation of Microsoft Active Directory Certificate Services (ADCS) Public Key Infrastructure (PKI), ensuring a secure and scalable cryptographic environment.

This is an initial 6-month contract, with strong potential for extension, working hybrid in Luton while offering an exciting opportunity to work with cutting-edge security technologies in a highly regulated and security-focused environment.

Key Responsibilities:

• Architect, deploy, and configure AWS CloudHSM to support Microsoft ADCS PKI.
• Integrate AWS CloudHSM with certificate authorities (CAs), OCSP responders, and CRL management.
• Design and manage key life cycle policies, including generation, storage, rotation, and decommissioning.
• Provide technical guidance on cryptographic algorithms, encryption protocols, and PKI best practices.
• Ensure HSM and PKI implementation aligns with FIPS 140-2 Level 3, NIST 800-57, ISO 27001, SOC2, GDPR, and other security standards.
• Implement role-based access control (RBAC) and audit logging for key usage and management.
• Perform risk assessments, security reviews, and compliance reporting for AWS HSM and PKI.
• Troubleshoot cryptographic operations, certificate issues, and key management challenges.
• Automate PKI workflows, certificate issuance, and key management where applicable.
• Document designs, configurations, and operational procedures for AWS CloudHSM and PKI.

What You Will Ideally Bring:

• Strong experience in AWS CloudHSM, AWS KMS, and cryptographic key management.
• Deep expertise in HSM architecture, security policies, and key life cycle management.
• Hands-on experience with AWS security services (IAM, EC2, VPC, CloudTrail, KMS, AWS Organizations, etc.).
• Understanding of FIPS-compliant cryptographic standards and certificate life cycle management.
• Strong knowledge of Microsoft ADCS PKI, X.509 certificates, CA hierarchy, and OCSP/CRL management.
• Experience with TLS/SSL encryption, authentication protocols, and certificate-based security models.
• Familiarity with PKI integration in cloud and hybrid enterprise environments.
• Experience implementing security controls aligned with regulatory standards (eg, ISO 27001, NIST 800-57, GDPR).
• Understanding of cryptographic key usage policies, data protection, and cloud security best practices.

Contract Details:

• Duration: 6 months (View for Extension)
• Location: Luton (Hybrid/2 days per week on-site)
• Day Rate: Up to £525 per day (Inside IR35)

AWS HSM SME - 6 months - Hybrid (Luton) - Inside IR35