Senior Information Technology Security Consultant

Position Title: Data Infrastructure Security Engineer

Type: Full-time

The Data Infrastructure Protection Engineer will be responsible for designing, implementing, and maintaining enterprise‑grade cryptographic security controls across the organization’s data infrastructure. The role focuses on ensuring secure data handling, robust key‑management practices, and advanced protection of sensitive information using PKI, HSM, CLM, and emerging quantum‑safe technologies.

The engineer will work closely with security, infrastructure, and application teams to enforce strong cryptographic standards and support secure digital identity management across platforms.

• Deploy, manage, and optimize Public Key Infrastructure (PKI) solutions using Nokia technologies.
• Support digital signature services, certificate management, and trust‑store maintenance.
• Oversee Certificate Lifecycle Management (CLM) processes including issuance, renewal, and revocation using Nokia CLM platforms.

• Integrate and manage Hardware Security Modules (HSMs)—primarily Utimaco—for secure key generation, storage, and cryptographic operations.
• Develop and enforce enterprise key‑management procedures aligned with security policies and compliance standards.
• Ensure strong encryption for data‑at‑rest, data‑in‑transit, and secure application‑level cryptographic operations.

• Evaluate and implement Quantum Key Distribution (QKD) technologies for secure communication channels.
• Support the transition towards quantum‑resistant cryptographic algorithms and hybrid security models.
• Collaborate with specialized vendors for deployment of QKD infrastructure.
• Establish and maintain standards for secure data processing, classification, and storage.
• Integrate cryptographic controls with data‑protection tools, applications, and platforms.
• Work with DevOps / Cloud teams to embed encryption and certificates into CI/CD pipelines.
• Ensure adherence to internal security policies, regulatory frameworks, and industry best practices.
• Monitor cryptographic system performance, certificate expiry, and key‑usage patterns.
• Investigate cryptographic or certificate‑related incidents and perform root‑cause analysis.

• Strong hands‑on experience with PKI technologies, certificate services, and digital signature platforms — preferably Nokia PKI solutions.
• Practical knowledge of HSMs (Utimaco - MUST HAVE) including key storage, crypto operations, and administration.
• Experience with Certificate Lifecycle Management (CLM) platforms (Nokia CLM ideal).
• Understanding of Quantum Key Distribution (QKD) principles and quantum‑safe cryptography.
• Proficiency in encryption standards (AES, RSA, ECC), TLS, secure protocols, and cryptographic APIs.

• Experience with automation for certificate deployment (e.g., Ansible, Python, Shell).
• Strong troubleshooting and analytical skills.
• Knowledge of compliance frameworks (ISO 27001, NIST SP 800‑57, GDPR, PCI DSS).

• Bachelor’s or Master’s in Computer Science, Information Security, or related field.
• Vendor‑specific: HSM or PKI certifications are a plus.

• Strong communication and documentation abilities.
• Ability to collaborate with cross‑functional teams.
• Proactive, detail‑oriented, and security‑focused mindset.