PKI Architect and Subject Matter Expert

Company cultures & job summary

Our client is looking for an experienced PKI Architect and Subject Matter Expert to lead the design, build, and assurance of PKI services within secure, air gapped environments. You'll need proven hands-on experience with offline PKI platforms, certificate lifecycle management, and cryptographic governance, this is a high-assurance role supporting UK defence programmes.

Working Patterns and location – Fully on site

·        Lead architecture, design and delivery of PKI platforms operating in offline and airgapped environments.

·        Define and implement PKI components including offline Root CA, Issuing CAs, RAs, OCSP/CRL services and certificate lifecycle processes.

·        Develop secure, repeatable mechanisms for certificate and revocation data transfer into and out of airgapped environments.

·        Establish and maintain cryptographic governance including Certificate Policy and Certificate Practice Statements (CP/CPS).

·        Design secure key management processes covering generation, storage, backup, escrow, destruction and compromise handling.

·        Produce and maintain formal design and assurance documentation, including HLDs, LLDs, SOPs and key ceremony scripts.

·        Provide technical input into risk assessments, accreditation evidence packs and security architecture documentation.

·        Engage with internal and external stakeholders across security, infrastructure and delivery teams within secure customer facilities.

·        Proven experience as a PKI Architect or senior PKI SME within complex, high-assurance enterprise environments.

·        Hands-on experience designing and building PKI platforms in offline or airgapped environments, including controlled import/export and CRL/OCSP strategies for disconnected networks.

·        Strong knowledge of PKI concepts including X.509 certificates, trust chains, certificate lifecycle management and CRL/Delta CRL design.

·        Solid understanding of cryptography fundamentals including algorithm selection, key sizes, HSM operations, secure key ceremonies and dual control.

·        Experience designing secure operational models covering break-glass procedures, compromise response, monitoring, logging and evidence generation.

·        Demonstrable experience producing formal technical documentation including HLDs, LLDs, security architecture docs and SOPs.

·        Working knowledge of MOD and UK Government security standards including JSP 440, JSP 604, JSP 453, NCSC Cyber Security Design Principles and MOD Secure by Design.

·        Strong stakeholder engagement skills with the ability to brief both technical and non-technical audiences clearly.

The client would also like to see some of the below, but this is not essential:

·        Experience working in the Defence and/or Aerospace sector delivering into regulated, high-assurance environments.

·        Experience with Microsoft AD CS architectures including offline root, issuing CA tiers and template governance.

·        Experience implementing PKI for device identity, user authentication, mutual TLS, code signing or S/MIME use cases.

·        Familiarity with HSM assurance requirements and experience conducting or supporting formal key ceremonies.

·        Flexible working arrangements.

·        Provide expert financial guidance to help you select a pension plan tailored to your lifestyle.

·        Company culture that places a premium on achieving a healthy work-life balance.

·        Offer competitive bonuses and generous compensation packages.

·        Prioritise traits such as curiosity and a good-natured sense of humour.

·        Encourage and assist staff in participating in local community initiatives.

·        25 days holiday + bank holidays

·        Buy/Sell holiday

·        Death in Service – 3x salary

·        Performance Bonus

·        Cycle to work scheme

·        Pension Scheme

Our client is committed to providing a diverse and inclusive workplace and welcomes applications from all backgrounds.

Part-time opportunities/flexible working is available to suit individual needs.

Please note that the client has determined that the off-payroll working rules will apply to this assignment and therefore this contract will be run through an Umbrella Company. Income tax and primary national insurance contributions will be deducted at source from any payments made to the intermediary.

RECOMMEND A FRIEND: If you have professional friends/colleagues who would be interested in one of our roles and our excellent levels of service too, we'd like to recognise your recommendations with a 'thank you' of our own. For every friend you refer who then starts a role through Datasource either Contract or Permanent, we will send you £200 of Love to Shop Gift Vouchers & gift your friend £100 in Love to Shop Gift Vouchers as well!

You will be required to hold a minimum of DV Clearance. If you do not hold an active DV Clearance, please familiarise yourself with the vetting process before applying.

(c) Copyright Datasource Computer Employment Limited 2026.