We are seeking a skilled and experienced Hardware Security Module (HSM) and Cryptography Engineer to join our cybersecurity team. The ideal candidate will have deep expertise in Hardware Security Modules (HSMs), Public Key Infrastructure (PKI), cryptography, cloud key management, and encryption key management, combined with a strong understanding of cybersecurity governance and compliance.
In this role, you will be responsible for designing, implementing, and managing secure cryptographic solutions to safeguard critical data, systems, and applications. You will work closely with cross-functional teams to ensure robust encryption practices, compliance with cybersecurity standards, and seamless integration with cloud and on-premises environments.
Key Responsibilities:
HSM and Cryptography Management
- Deploy, configure, and maintain Hardware Security Modules (HSMs) to protect sensitive cryptographic keys and operations.
- Design and implement cryptographic solutions (eg, key generation, encryption, digital signatures) to secure data and systems.
- Conduct performance tuning and capacity planning for HSMs to support business needs.
- Integrate HSMs with enterprise applications, databases, and cloud environments.
PKI and Encryption Key Management
- Manage Public Key Infrastructure (PKI) systems, including issuing, renewing, and revoking digital certificates.
- Develop and maintain encryption key management systems to ensure secure storage, usage, and life cycle management of keys.
- Design and enforce policies and procedures for encryption key usage and handling.
Cloud Key Management and Integration
- Implement and manage cloud-based key management services (eg, AWS KMS, Azure Key Vault, Google Cloud KMS).
- Ensure secure integration of cryptographic solutions across hybrid and multi-cloud environments.
- Provide guidance on best practices for securing sensitive data in the cloud.
Cybersecurity Governance and Compliance
- Develop and enforce policies and standards for cryptographic operations and key management.
- Ensure compliance with industry regulations and frameworks (eg, GDPR, PCI DSS, ISO 27001, NIST).
- Conduct risk assessments and audits of cryptographic systems to identify and address vulnerabilities.
- Collaborate with internal and external auditors to ensure adherence to cybersecurity governance requirements.
Research and Innovation
- Stay updated on the latest cryptographic technologies, tools, and threats.
- Evaluate emerging HSM, PKI, and key management solutions to enhance the organization's security posture.
- Provide training and knowledge sharing for teams on cryptographic best practices and technologies.
Key Requirements:
Technical Expertise
- Strong experience in configuring, deploying, and managing HSMs (eg, Thales, Gemalto, Utimaco, AWS CloudHSM).
- Expertise in PKI, including certificate authorities, digital certificates, and secure communication protocols (eg, TLS, SSL).
- Solid understanding of cryptographic algorithms (eg, RSA, AES, ECC) and their applications.
- Experience with cloud-based key management services (eg, AWS KMS, Azure Key Vault).
- Proficiency in encryption key management tools and platforms.
Cybersecurity and Governance Knowledge
- Familiarity with cybersecurity frameworks (eg, NIST, ISO 27001) and regulatory compliance standards (eg, GDPR, PCI DSS).
- Knowledge of secure coding practices and vulnerability management.
General Skills
- Strong problem-solving and analytical skills to identify and mitigate cryptographic risks.
- Excellent communication and documentation skills to explain technical concepts to non-technical stakeholders.
- Experience working in Agile or DevOps environments is a plus.
Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- Relevant certifications are highly desirable (eg, CISSP, CISM, CCSP, GIAC, AWS Certified Security Specialty).