Skip to Main Content




Cryptography Consultant

We are Systematix and we are looking for aCryptography Consultantto fill a 6-month+ contract position with one of our National Media Clients in their Toronto orMontreal offices.


Our client is looking for a Cryptography Consultant to help identify corporate PKI requirements and provide recommendations and deploy solutions for SSL Certificate Management. The utilization of proper ciphers and identifying the risks associated with older ciphers (and their subsequent upgrade path) is also part of the mandate.


Perform TLS/SSL Health Checks:

  • Potential TLS/SSL certificate security risks:

    • Expired/revoked certificates

    • Untrusted roots

    • Missing/incomplete trust chain

    • Weak keys and hashing algorithms

  • TLS/SSL server vulnerabilities: Keep abreast of newly discovered SSL vulnerabilities and to manage, remediate, implement a process or monitor the new vulnerabilities going forward.

  • Design, Plan, Test and Deploy a Centralized Certificate Management System to auto update all yearly certificates across the enterprise. Work and transfer of knowledge toStaff to be included in this process.

  • Investigate, Plan and Test secure encryption transfer technologies (secure upload sites) and attachment encryptions (e.g. PGP).

  • Investigate and Design Applicable PKI Use Cases for the Enterprise:

    • Interview with project stakeholders to identify PKI requirements

    • Identifying & consolidating PKI use cases by priority

    • Identifying efficient and effective PKI lifecycle workflows

    • Supporting the design, build, and deployment of enterprise PKI systems.

    • Ensuring PKI systems comply with the relevant data privacy and protection frameworks and adhere to industry best practices.

    • Assessing and remediating the design and implementation of PKIs to mitigate risk.

    • Integrating items such as TLS inspection, IoT devices, and mobile device management (MDM) solutions.

    • Managing the configuration of PKI systems and testing PKI systems before production deployment.

    • Creating and maintaining system documentation.

    • Defining and improving PKI best practices.

    • Keeping up with industry trends and threats, particularly around PKI technologies.

    • Review & design of architecture including IoT, MDM, etc.

    • Written & delivered architecture design document

    • Testing of certificate lifecycles

    • Assistance to configure and test applications with digital certificates

    • Knowledge transfer Informal knowledge transfer to PKI administrators

    • Custom training for PKI administrators and users where applicable

    • Post-engagement summary report, operations guides, helpdesk guides, and user guides


  • Extensive experience in the Cryptography field.

  • Excellent analytical, evaluative, and problem-solving abilities

  • Must have the ability to work independently and multi-task effectively

  • This individual will have excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences. The ideal candidate will be exceptionally self-motivated and directed.

    Linguistic requirement: Functional English mandatory. French is an asset.

  • The ideal candidate will have 5 years of experience working within the technical arena with 3 plus years of information security work experience regarding cryptography.

  • Experience with compliance programs as well as their technical and security requirements

  • A university degree in the field of computer science, IT or Information Security

  • Experience in security standards such as ISO 27001, 27002, 27005; NIST, COBIT, ITIL

  • Technical certifications within the area Security are a strong plus (CISSP, CRISC, CBCP, CISA, CISM or equivalent)

  • Requires knowledge and essential functions in the following areas:

    • Encryption technologies and concepts.

    • Knowledge of PKIcConcepts and infrastructure.

    • Knowledge of centralized certificate management and certificate auto update technologies.

    • Knowledge of secure and encrypted transfer technologies and attachment encryptions (PGP).

    • Enterprise Encryption Services protecting Data at Rest, Data in flight, and Transaction Data.

    • Ability to work with senior members to evaluate upgrades and new products & technologies for the

      enterprise encryption solutions.

    • Be a encryption security evangelist by driving Encryption Security Architecture and Design

    • Ability to define initial encryption requirements including analysis of threats and risks and alignment with best practices.

  • Engineering, IT, and Architecture standards.

Implement changes to the PKI infrastructure in accordance with standard procedures and change control policies and procedures

  • Proactively identify and recommend process improvement to reduce risk and improve operational efficiency and present complex security subjects to internal work groups and projects

  • Document design, installation, and Operations & Maintenance guides

  • Support end-to-end PKI infrastructure. Deploy, maintain, and troubleshoot encryption for PKI.

  • Support Certificate Management requests as per pre-defined set of procedures and within agreed Service

  • Monitor and troubleshoot PKI infrastructure services for problem and failures, providing support andresolutions.

  • Maintain security and technical certifications

  • Work with multiple security protocols including AMCE, KMIP, SSL/TLS, SSH, CMP, while utilizing excellent cryptography fundamentals, Digital Certificates, CRL/OCSP, PKI and PKCS standards

  • Support Venafi, ACME, CTL, and various certificate automation solutions.

  • Work with the FIPS 140-2 level 2+ certified Hardware Security Modules, Key Management systems such as RSA Data Protection Management, Thales/Gemalto KeySecure, and Vormetric DSM.

  • Work with multiple database protection functionalities including Native and Transparent Data Encryption as well as operating systems and file systems such as RHEL, Windows, NFS, GPFS, HDFS


This is a 6-month full-time contract (Mon-Fri, 8 hours a day) engagement. HYBRID.Preference will be given tocandidatesresidingwithin a reasonable distance fromMontreal orToronto.1-2 times onsite per week is preferred. If not, the consultant must still be able to work on site occasionally, when requested.There will be 1renewal optionof 6 months.


If you are interested in finding out more, please contact us or submit your resume, if you know someone who meets these qualifications, please forward this assignment opportunity to them.


Systematix is one of Canada’s largest privately-owned National Consulting and Resourcing firms. With offices across North America we provide the highest caliber consulting solutions to a diverse client base that includes all levels of Government and private industry sectors.

Systematix is committed to creating a diverse, inclusive environment and is proud to be anequal opportunity employer.

At Systematix, we bring people and projects together!


Job: Cryptography Consultant

"*" indicates required fields

Accepted file types: doc, docx, rtf, pdf, Max. file size: 64 MB.
Type of position desired:*