CKMS & HSM IT Security Engineer

? What if your expertise could secure millions of transactions against cyber threats?

? Ready to shape the future of digital trust in a top-tier European bank?

? Looking for a role where cutting-edge tech meets global impact-and flexibility?, ? Protect BNP Paribas' digital assets as a Cryptographic Security Specialist in our Group Production Security - Defense team. You'll:

• Safeguard critical systems (HSM, KMS, PKI, encryption) in hybrid/cloud environments (Office 365, IBM).
• Design and deploy next-gen security solutions (BYOK, KYOK, e-signatures) for regulatory compliance and business resilience.
• Bridge the gap between security policies and operational reality, ensuring Level 3 support and on-call readiness.
• Automate and industrialize processes to scale security without compromising performance., * Maintain HSM/KMS infrastructures and manage cryptographic key lifecycles (generation, rotation, revocation).
• Qualify and implement new security solutions (e.g., post-quantum algorithms, cloud-native encryption).
• Automate key ceremonies, MSM installations, and incident response workflows.

? Secure & Support:

• Provide L3 support for cryptographic incidents and engineer fixes under pressure.
• Participate in on-call rotation (1 week/month) for 24/7 service availability.
• Collaborate with IT Risk, IAM, and business lines to translate security requirements into actionable designs.

? Innovate & Advise:

• Monitor threats (vulnerabilities, algorithm weaknesses) and propose mitigations.
• Guide projects on secure authentication, data protection, and compliance (e.g., GDPR, NIS2).
• Document procedures and train teams on cryptographic best practices.

? Education: Master's degree (or equivalent) in Cybersecurity, IT, or Engineering.

? Experience:

• 2-4 years in HSM, KMS, or PKI (e.g., Thales, AWS KMS, IBM Cloud HSM).
• IT Production environment exposure (incident management, SPOC for escalations).
• Cloud security (Office 365, IBM Cloud) and cryptographic protocols (TLS, RSA, ECC).

? Languages: Fluent English (mandatory); French (a plus).

? Technical Skills:

• Expert: Cryptography (HSM, KMS, BYOK), Security Architecture, UNIX/Windows Admin.
• Proficient: Python/Shell scripting, IAM, Active Directory, PostgreSQL/MongoDB.
• Knowledge: Network security, automation tools (Ansible, Terraform).

? Soft Skills:

• Rigorous under pressure (on-call, tight deadlines).
• Collaborative (cross-team projects, stakeholder management).
• Proactive in threat intelligence and process improvement.

?️ Spain IT Production is BNP Paribas' EMEA digital backbone, with 400+ experts ensuring secure, high-performance IT services for CIB, Retail Banking, and more. From infrastructure to cybersecurity, we standardize, stabilize, and future-proof the bank's operations-24/7, across clouds and continents., ? A global banking leader, BNP Paribas operates in 65 countries, combining financial strength with tech-driven innovation. Our Spain IT Production Hub is a cornerstone of digital resilience, where expertise meets agility-because security is everyone's business.