Cloud Crypto Architect

Job Title : Cloud Crypto Architect.

Location : Bangalore / Gurugram / Noida.

Experience : 7+ Years.

Role Overview :

We are seeking a highly skilled Cloud Crypto Architect to design, implement, and manage cryptographic solutions that secure sensitive data in cloud environments.

The ideal candidate will have a strong background in cryptography, key management, and cloud-native security practices.

You will collaborate with engineering, security, and compliance teams to ensure data protection, regulatory compliance, and secure communication across multiple cloud service providers (CSPs).

Key Responsibilities :

Cryptography & Key Management :

- Implement secure Key Management Systems (KMS), including management of keys, certificates, and cryptographic assets.

- Ensure secure key lifecycle management (generation, distribution, storage, rotation, and retirement).

- Work with Certificate Authorities to issue, manage, and validate certificates.

Cloud Security Architecture :

- Design cryptographic controls aligned with CSP-native services (AWS KMS, Azure Key Vault, GCP KMS, etc.

- Define and enforce secure Key Exchange mechanisms between CSPs and enterprise systems.

- Assist with Service Control Policies (SCPs) to ensure adherence to security baselines.

Automation & Infrastructure as Code (IaC) :

- Prototype, build, and maintain GitHub and Terraform modules for cryptographic services (KMS, certificates, and other assets).

- Automate provisioning of cryptographic resources and integrate with CI/CD pipelines.

Application & Data Protection :

- Build and deploy custom applications for encryption, tokenization, and secure data protection.

- Validate and monitor cryptographic services, ensuring compliance with regulatory and organizational security standards.

- Conduct audits and support service certifications to meet compliance frameworks (PCI-DSS, GDPR, ISO, etc.

Governance, Documentation & Compliance :

- Create and improve security documentation, policies, and technical playbooks.

- Support internal and external audits related to data protection and encryption practices.

- Provide subject matter expertise in cloud crypto security to engineering and business teams.

Required Skills & Qualifications :

- Strong understanding of cryptography fundamentals (symmetric/asymmetric encryption, hashing, digital signatures, PKI).

- Hands-on experience with Key Management Systems and certificate lifecycle management.

- Familiarity with cloud provider cryptographic services (AWS KMS, Azure Key Vault, GCP KMS).

- Proficiency with Terraform, GitHub, and Infrastructure-as-Code (IaC) practices.

- Knowledge of Service Control Policies and cloud governance frameworks.

- Experience with encryption protocols and key exchange mechanisms (TLS, SSL, Diffie-Hellman, etc.

- Exposure to compliance standards such as PCI-DSS, GDPR, HIPAA, ISO 27001, or SOC 2.

- Strong documentation and communication skills, with ability to create security playbooks and audit reports.

Preferred Qualifications :

- Experience in multi-cloud security architecture.

- Familiarity with HSMs (Hardware Security Modules) and enterprise-grade cryptographic hardware.

- Knowledge of DevSecOps practices for embedding cryptography into CI/CD pipelines.

- Background in data protection applications (encryption, tokenization, anonymization).

- Security certifications such as CISSP, CCSP, CISM, AWS Security Specialty, Azure Security Engineer, or GIAC GCLD.

Key Personal Attributes :

- Strong problem-solving and analytical skills.

- Ability to work in cross-functional, global teams.

- Detail-oriented with a focus on compliance and risk management.

- Proactive in identifying security risks and implementing mitigation strategies.