Data Security Engineer (HSM PKI)

K20s - Kinetic Technologies Private Limited

Los Angeles (CA)

On-site

USD 150,000 - 200,000

Full time

30+ days ago

Job summary

An established industry player is seeking a talented Data Security Engineer to enhance the security of critical data systems within the banking sector. This role demands a deep technical understanding of Utimaco HSMs, Key Management Systems, and Payment Security protocols. The ideal candidate will have a strong cryptographic background and a proven track record in deploying and managing security solutions. You'll be responsible for ensuring compliance with stringent regulations while optimizing the performance of cryptographic systems. If you are ready to take on a challenging role that directly impacts data security in a high-stakes environment, this opportunity is for you.

Qualifications

  • 5-7 years of experience in data security, focusing on banking and financial services.
  • Strong background in cryptography and compliance with industry standards.

Responsibilities

  • Design and maintain Utimaco HSMs for secure cryptographic key management.
  • Implement encryption strategies for sensitive banking data and ensure compliance.

Skills

Cryptography
Data Security
Key Management Systems (KMS)
HSM Integration
Payment Security
Public Key Infrastructure (PKI)
Compliance Management
Incident Response

Education

Bachelor's degree in Computer Science
Master's degree in Information Security

Tools

Utimaco HSM
Gemalto SafeNet
Thales CipherTrust
AWS KMS

Job description

Banking Experience Mandatory

Availability: Immediate Joiner Preferred

Position Overview

We are looking for a highly skilled Data Security Engineer with deep technical expertise in Hardware Security Modules (HSMs) from Utimaco or a similar vendor, Key Management Systems (KMS), Payment Security, and Public Key Infrastructure (PKI). The ideal candidate will bring at least 5-7 years of hands-on experience in securing critical data systems, with a specific focus on the banking and financial services sectors. This role requires someone with a strong cryptographic background, a solid cyber security foundation, and a proven track record in deploying, managing, and optimizing security solutions for sensitive data.

Key Responsibilities
  • HSM Integration & Management: Design, deploy, configure, and maintain Utimaco HSMs for cryptographic key storage and processing. Ensure secure generation, storage, and usage of cryptographic keys in line with banking compliance frameworks.
  • Key Management Systems (KMS): Architect and operationalize Key Management Systems to support key lifecycle management, including key generation, distribution, rotation, and destruction. Implement enterprise-grade encryption practices with emphasis on security, performance, and compliance.
  • Payment Security Implementation: Secure the end-to-end lifecycle of payment transactions through encryption, tokenization, and key management protocols. Develop and enforce standards compliant with PCI DSS, EMV, and ISO 20022. Engage in securing real-time payments, SWIFT transactions, and digital banking services.
  • PKI Deployment & Administration: Oversee Public Key Infrastructure (PKI), including the design and management of certificate authorities (CA), subordinate CAs, and registration authorities (RA). Administer certificate lifecycles, certificate revocation lists (CRLs), and secure digital certificate distribution.
  • Banking Data Encryption: Implement encryption strategies for sensitive banking data both at rest and in transit, ensuring compliance with local and international financial regulatory frameworks, including GDPR, FFIEC, and Basel III. Utilize encryption algorithms such as AES, RSA, and ECC for optimal data protection.
  • Security Hardening: Perform ongoing system hardening, security audits, and risk assessments across HSMs, KMS, PKI, and payment security infrastructure. Identify and mitigate vulnerabilities, ensuring that all cryptographic systems are resilient to attacks.
  • Compliance & Risk Management: Ensure that all cryptographic operations adhere to industry and banking standards, such as ISO 27001, PCI DSS, NIST SP 800-57, FIPS 140-2, and eIDAS. Collaborate with internal audit teams to align practices with risk management and data protection policies.
  • Incident Response & Monitoring: Provide expert-level support during security incidents related to cryptographic systems. Deploy proactive monitoring and logging to detect anomalies or breaches in data encryption systems.
  • Performance Optimization: Fine-tune the performance of cryptographic hardware and software systems to meet the high transaction volumes typical of banking environments. Ensure minimal latency and robust throughput in key management and cryptographic processing.

Technical Requirements
  • HSM Expertise: Proficiency with Utimaco HSM platforms, including CryptoServer Se, CSe-Series, and CSeC-Series, with a focus on configuring key hierarchies, secure key injection, and partitioning for multiple security domains.
  • KMS Proficiency: In-depth knowledge of enterprise KMS systems, such as Gemalto SafeNet, Thales CipherTrust, or AWS KMS, including handling complex key hierarchies and ensuring keys are securely distributed and used across the enterprise.
  • Payment Security Protocols: Expertise in securing payment systems following PCI HSM, EMV, 3-D Secure, and SWIFT standards, with direct experience in designing secure payment channels and in using Hardware Security Modules to safeguard cryptographic keys used in payment authorization and tokenization systems.
  • Cryptographic Algorithms: Strong foundational knowledge of cryptographic algorithms, including AES, RSA, ECC, SHA-2, SHA-3, HMAC, and practical experience with both symmetric and asymmetric encryption methodologies.
  • PKI and Certificate Management: Extensive experience with PKI infrastructures, managing X.509 certificates, and familiarity with OCSP, SCEP, and LDAP for certificate validation and revocation.

Qualifications and Experience
  • Education: Bachelor's or Master's degree in Computer Science, Information Security, or related field.
  • Experience: Minimum of 5-7 years of focused experience in HSM, KMS, PKI, and Payment Security solutions, particularly in high-compliance, high-security environments such as banking, financial services, or payment processing.
  • Industry Certifications: Certifications such as CISSP, CISM, CCSP, PCI DSS QSA, or specialized certifications in HSM and KMS technologies (e.g., Utimaco Certified HSM Specialist) are highly preferred.
  • Banking Industry Experience: Strong background in securing banking and financial transaction environments, with a thorough understanding of regulatory requirements such as PCI DSS, PSD2, SWIFT CSP, and Basel III.

Personal Attributes
  • Availability: Must be available for immediate onboarding or with minimal notice period.
  • Analytical Mindset: Capable of evaluating complex cryptographic architectures and identifying gaps and improvement areas in securing data workflows.
  • Team Collaboration: Proven ability to work in cross-functional teams, including IT infrastructure, compliance, and application development teams, to ensure comprehensive data security strategies.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Information Technology

Industries

IT Services and IT Consulting
