Description
We are seeking a skilled and experienced Hardware Security Module (HSM) and Cryptography Engineer to join our cybersecurity team. The ideal candidate will have deep expertise in Hardware Security Modules (HSMs), Public Key Infrastructure (PKI), cryptography, cloud key management, and encryption key management, combined with a strong understanding of cybersecurity governance and compliance.
In this role, you will be responsible for designing, implementing, and managing secure cryptographic solutions to safeguard critical data, systems, and applications. You will work closely with cross-functional teams to ensure robust encryption practices, compliance with cybersecurity standards, and seamless integration with cloud and on-premises environments.
Key Responsibilities:
HSM and Cryptography Management
- Deploy, configure, and maintain Hardware Security Modules (HSMs) to protect sensitive cryptographic keys and operations.
- Design and implement cryptographic solutions (eg. key generation, encryption, digital signatures) to secure data and systems.
- Conduct performance tuning and capacity planning for HSMs to support business needs.
- Integrate HSMs with enterprise applications, databases, and cloud environments.
PKI and Encryption Key Management
- Manage Public Key Infrastructure (PKI) systems including issuing, renewing, and revoking digital certificates.
- Develop and maintain encryption key management systems to ensure secure storage usage & life cycle management of keys.
- Design & enforce policies & procedures for encryption key usage & handling.
Cloud Key Management & Integration
- Implement & manage cloud-based key management services (eg. AWS KMS Azure Key Vault Google Cloud KMS).
- Ensure secure integration of cryptographic solutions across hybrid & multi-cloud environments.
- Provide guidance on best practices for securing sensitive data in the cloud.
Cybersecurity Governance & Compliance
- Develop & enforce policies & standards for cryptographic operations & key management.
- Ensure compliance with industry regulations/frameworks (eg. GDPR PCI DSS ISO 27001 NIST).
- Conduct risk assessments/audits of cryptographic systems to identify/ address vulnerabilities.
- Collaborate with internal/external auditors to ensure adherence to cybersecurity governance requirements.
Research & Innovation
- Stay updated on the latest cryptographic technologies tools/ threats.
- Evaluate emerging HSM PKI/key management solutions to enhance the organization's security posture.
- Provide training/knowledge sharing for teams on cryptographic best practices/technologies.
Key Requirements:
Technical Expertise
- Strong experience in configuring deploying/managing HSMs (eg Thales Gemalto Utimaco AWS CloudHSM).
- Expertise in PKI including certificate authorities digital certificates/secure communication protocols(eg TLS SSL).
- Solid understanding of cryptographic algorithms(eg RSA AES ECC)and their applications.
- Experience with cloud-based key management services(eg AWS KMS Azure Key Vault).
- Proficiency in encryption key management tools/platforms.
Cybersecurity/Governance Knowledge
- Familiarity with cybersecurity frameworks(eg NIST ISO 27001)/regulatory compliance standards( eg GDPR PCI DSS).
- Knowledge of secure coding practices/vulnerability management.
General Skills
- Strong problem-solving analytical skills identify/mitigatecryptograph risks.
- Excellent communication/documentation skills explain technical concepts nontechnical stakeholders.
- Experience working Agile or DevOps environments is a plus.
Qualifications:
Bachelor's degree in Computer Science Information Security or related field(or equivalent experience). Relevant certifications are highly desirable( eg CISSP CISM CCSP GIAC AWS Certified Security Specialty).