CKMS & HSM IT Security Engineer

and business resilience. Bridge the gap between security policies and operational reality, ensuring Level 3 support and on-call readiness. Automate and industrialize processes to scale security without compromising performance. Your work keeps our bank-and its clients- one step ahead of cyber threats. WHAT YOU'LL DO ️ Operate & Evolve Cryptographic Services : Maintain HSM/KMS infrastructures and manage cryptographic key lifecycles (generation, rotation, revocation). Qualify and implement new security solutions (e.g., post-quantum algorithms, cloud-native encryption). Automate key ceremonies, MSM installations, and incident response workflows. Secure & Support : Provide L3 support for cryptographic incidents and engineer fixes under pressure. Participate in on-call rotation (1 week/month) for 24/7 service availability. Collaborate with IT Risk, IAM, and business lines to translate security requirements into actionable designs. Innovate & Advise : Monitor threats (vulnerabilities

algorithm weaknesses) and propose mitigations. Guide projects on secure authentication, data protection, and compliance (e.g., GDPR, NIS2). Document procedures and train teams on cryptographic best practices. WHAT YOU'LL BRING Education : Master's degree (or equivalent) in Cybersecurity, IT, or Engineering. Experience : 2-4 years in HSM, KMS, or PKI (e.g., Thales, AWS KMS, IBM Cloud HSM). IT Production environment exposure (incident management, SPOC for escalations). Cloud security (Office 365, IBM Cloud) and cryptographic protocols (TLS, RSA, ECC). Languages : Fluent English (mandatory); French (a plus). Technical Skills : Expert : Cryptography (HSM, KMS, BYOK), Security Architecture, UNIX/Windows Admin. Proficient : Python/Shell scripting, IAM, Active Directory, PostgreSQL/MongoDB. Knowledge : Network security, automation tools (Ansible, Terraform). Soft Skills : Rigorous under pressure (on-call, tight deadlines). Collaborative (cross-team projects, stakeholder management). Proactive in threat intelligence and process improvement. OUR PERKS Career Growth : Training programs, global mobility, and tailored career paths. Inclusion : D&I committees (PRIDE, MixCity, We Generations) and a psychologically safe workplace. Learn more: Diversity, equality and inclusion | BNP Paribas. Impact : 1 Million Hours 2 Help -volunteer for causes you care about. Flexibility : Hybrid model (50% remote) + flexible compensation. ️ Balance : 32 vacation days to recharge. ABOUT BNP PARIBAS A global banking leader, BNP Paribas operates in 65 countries, combining financial strength with tech-driven innovation. Our Spain IT Production Hub is a cornerstone of digital resilience, where expertise meets agility -because security is everyone's business. APPLY NOW! Ready to defend the future of banking? Submit your application today. Join a team where your skills protect millions -and your growth knows no borders. Explore more opportunities at BNP

What if your expertise could secure millions of transactions against cyber threats? Ready to shape the future of digital trust in a top-tier European bank? Looking for a role where cutting-edge tech meets global impact-and flexibility? INDEX 1️⃣ Who we are 2️⃣ Mission 3️⃣ What you'll do 4️⃣ What you'll bring 5️⃣ Our perks 6️⃣ About BNP Paribas WHO WE ARE ️ Spain IT Production is BNP Paribas' EMEA digital backbone, with 400+ experts ensuring secure, high-performance IT services for CIB, Retail Banking, and more. From infrastructure to cybersecurity, we standardize, stabilize, and future-proof the bank's operations- 24/7, across clouds and continents. MISSION Protect BNP Paribas' digital assets as a Cryptographic Security Specialist in our Group Production Security - Defense team. You'll: Safeguard critical systems (HSM, KMS, PKI, encryption) in hybrid/cloud environments (Office 365, IBM). Design and deploy next-gen security solutions (BYOK, KYOK, e-signatures) for regulatory compliance