08/27/2025 updated
RB
100 % available
Cryptographic, PKI, Encryption Consultant
Milton Keynes, United Kingdom
United Kingdom
Application Programming Interfaces (APIs)Amazon Web ServicesProxy ServersMicrosoft AzureBorder Gateway ProtocolUnixCatalyst (Software)Challenge-Handshake Authentication ProtocolCisco PIXCloud ComputingComputer SecurityCryptographyDynamic Host Configuration ProtocolLinuxDomain Name System (DNS)
Cryptography, FIPS, PCI, APIs, cloud, Key Management, Cyber Security, HSM, Hardware Security Module, Encryption, AZURE Cloud, SSL, Network Security, PCI-DSS, SOX, JWT, AWS, GCP, AZURE, PKI, UNIX, LINUX, firewalls, R70, R75, R76, ISG1000, ISG2000, SSGs, Cisco ASA, Wireshark, TCPDUMP, VPNs, firewall, Bluecoat Proxy Server, Blackberry, Wide Area Networks, PIX, ASA, BGP, HSRP, GLBP, RSTP, network performance, core routing, LAN, WAN, Cisco Catalyst 6500s, routers, Sniffer, Ethereal, CiscoWorks, Ethernet, OSPF, VLANs, STP, DHCP, DNS, DSL, ISDN, Frame Relay, VPN, CHAP, IPSEC, Tacas+, Radius
Languages
EnglishFluent
Project history
Working within the Cyber Security Maturity Improvement Programme for
delivering improvements in the Cryptographic Services space for HSBC
Global Cryptographic Estate . As a Tech Consultant for the Cryptographic
services, my role is to:
* Design and implement Remote Management and pro-active Monitoring for
the global HSM Estate (Thales payShield and nCipher nShield HSMs),
within the Bank.
* Working as a subject matter expert in Cryptography field to support a team
in delivering engagements at scale.
* Providing training and mentorship to BAU teams on technical subjects and
Implementing industry best practice security standards.
* Assist with the Secure Key Management activities during the upgrade of
the Hardware Security Module (HSMs)
* Define and update policies and procedures in line with various regulatory
compliance frameworks (PCI/NIST) for use of the tools and the
responsibilities.
* Producing Business Requirement Documents (BRD), Solution Design
Document (SDD) conforming to the best security practice.
* Defining, discussing and getting approvals for various Critical Success
Factors with Higher Management.
* Identifying, Assessing and raising and managing Risks and Issues through
out different stages of the project.
* Work with Vendors to get resolutions to the issue faced
* Deploying Encryption and Cryptography on the AZURE Cloud using
nCipher Bring Your Own Key (BYOK) Solution.
* Also as part of the project, involved in rolling out the Venafi Trust
Protection Platform for SSL certificates and SSH key management.
delivering improvements in the Cryptographic Services space for HSBC
Global Cryptographic Estate . As a Tech Consultant for the Cryptographic
services, my role is to:
* Design and implement Remote Management and pro-active Monitoring for
the global HSM Estate (Thales payShield and nCipher nShield HSMs),
within the Bank.
* Working as a subject matter expert in Cryptography field to support a team
in delivering engagements at scale.
* Providing training and mentorship to BAU teams on technical subjects and
Implementing industry best practice security standards.
* Assist with the Secure Key Management activities during the upgrade of
the Hardware Security Module (HSMs)
* Define and update policies and procedures in line with various regulatory
compliance frameworks (PCI/NIST) for use of the tools and the
responsibilities.
* Producing Business Requirement Documents (BRD), Solution Design
Document (SDD) conforming to the best security practice.
* Defining, discussing and getting approvals for various Critical Success
Factors with Higher Management.
* Identifying, Assessing and raising and managing Risks and Issues through
out different stages of the project.
* Work with Vendors to get resolutions to the issue faced
* Deploying Encryption and Cryptography on the AZURE Cloud using
nCipher Bring Your Own Key (BYOK) Solution.
* Also as part of the project, involved in rolling out the Venafi Trust
Protection Platform for SSL certificates and SSH key management.
Being part of Network Security team, I have been involved in various tasks.
Some of the responsibilities include:
* Reviewing and managing the Key Management Procedure keeping in
mind the Audit Requirements by various schemes like VISA, and LINK.
* Defining policies to make sure the compliance against Standards like
PCI-PIN, PCI-DSS and SOX.
* Providing consultancy and support to various Payments and web
applications teams about the use of various cryptographic tools like
Digital Signatures or Symmetric Encryption to secure the applications.
* Managing Cloud HSM and associated keys for various applications
requiring Json Web tokens (JWT) to be signed and/or encrypted.
* Implemented the encryption within the Various Cloud (AWS/GCP and
AZURE) environments - Using Various tools like Thales Vormetric, DSM
and Bring your own key (BYOK) solution using the Thales nShield.
* Implementation and management of PKI infrastructure including Internal
and Externally signed Certificates in various different formats
(.pfx/.cer/.p12 etc).
* Evaluated various automated certificate and SSH key management tools
including Venafi, AppViewX and Comodo.
WINDOWS/UNIX/LINUX
Some of the responsibilities include:
* Reviewing and managing the Key Management Procedure keeping in
mind the Audit Requirements by various schemes like VISA, and LINK.
* Defining policies to make sure the compliance against Standards like
PCI-PIN, PCI-DSS and SOX.
* Providing consultancy and support to various Payments and web
applications teams about the use of various cryptographic tools like
Digital Signatures or Symmetric Encryption to secure the applications.
* Managing Cloud HSM and associated keys for various applications
requiring Json Web tokens (JWT) to be signed and/or encrypted.
* Implemented the encryption within the Various Cloud (AWS/GCP and
AZURE) environments - Using Various tools like Thales Vormetric, DSM
and Bring your own key (BYOK) solution using the Thales nShield.
* Implementation and management of PKI infrastructure including Internal
and Externally signed Certificates in various different formats
(.pfx/.cer/.p12 etc).
* Evaluated various automated certificate and SSH key management tools
including Venafi, AppViewX and Comodo.
WINDOWS/UNIX/LINUX
My Role and Responsibilities as a Technical Consultant were:
* Worked on Network Optimization Project as a Technical Lead and
managing a team of up to 5 Technical engineers and provide technical
input on networking environment for secured sites of various clients such
as Bucks County Council, Yell, Debenhams and other large enterprise
networks.
* Liaise with the customers to understand their network, provide reports &
recommendations which meet the technical requirements detailed to
support the success of business opportunities.
* Manage full lifecycle for solutions development test and deployment.
* Generating conceptual, logical, and physical network architectural network
design as per customer's requirements.
* Assisting during the full life cycle of the project lifecycle from ordering and
procurement of kit through to the testing, implementation and support of
global, internal, data and voice communication systems, including Local
Area Networks (LANs), Wide Area Networks (WANs), and voice networks
for big corporate customers like DLA piper, Robert Mcbrides and various
Tier 1 and Tier 2 service providers like Virgin Media, Griffin Internet,
Claranet and Reliance Globalcom.
* Designed and implemented high availability managed solutions utilizing
PIX, ASA, BGP, HSRP, GLBP and RSTP
* Troubleshoot network performance issues, as well as analyse network
traffic and provide capacity planning solutions.
* Provide high level technical support to the Remote Resolution team in
various complex issues relating to Firewalls, VPNs and core routing and
switching.
* Conducting design reviews for various projects for Westminster City
Council and supporting the Wireless Parking Camera infrastructure.
* Liaise with management and support teams in pursuit of technically
excellent network solutions.
* Write technical and business documentation for Remote Resolution Team
to assist them in supporting the solution proposed.
* Visiting Customer Network Sites/Data Centre to perform ongoing
maintenance & network troubleshooting.
* Worked on Network Optimization Project as a Technical Lead and
managing a team of up to 5 Technical engineers and provide technical
input on networking environment for secured sites of various clients such
as Bucks County Council, Yell, Debenhams and other large enterprise
networks.
* Liaise with the customers to understand their network, provide reports &
recommendations which meet the technical requirements detailed to
support the success of business opportunities.
* Manage full lifecycle for solutions development test and deployment.
* Generating conceptual, logical, and physical network architectural network
design as per customer's requirements.
* Assisting during the full life cycle of the project lifecycle from ordering and
procurement of kit through to the testing, implementation and support of
global, internal, data and voice communication systems, including Local
Area Networks (LANs), Wide Area Networks (WANs), and voice networks
for big corporate customers like DLA piper, Robert Mcbrides and various
Tier 1 and Tier 2 service providers like Virgin Media, Griffin Internet,
Claranet and Reliance Globalcom.
* Designed and implemented high availability managed solutions utilizing
PIX, ASA, BGP, HSRP, GLBP and RSTP
* Troubleshoot network performance issues, as well as analyse network
traffic and provide capacity planning solutions.
* Provide high level technical support to the Remote Resolution team in
various complex issues relating to Firewalls, VPNs and core routing and
switching.
* Conducting design reviews for various projects for Westminster City
Council and supporting the Wireless Parking Camera infrastructure.
* Liaise with management and support teams in pursuit of technically
excellent network solutions.
* Write technical and business documentation for Remote Resolution Team
to assist them in supporting the solution proposed.
* Visiting Customer Network Sites/Data Centre to perform ongoing
maintenance & network troubleshooting.