HSM Security Engineer

Insight Global
Denver, United States of America
6 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Denver, United States of America

Tech stack

.NET
Databases
Database Encryption
Linux
Hardware Security Module
Information Security Management
Key Management
Microsoft SQL Server
Openshift
Oracle Applications
PCI Data Security Standards
Systems Integration
Cloud Platform System
Postman
Kubernetes
REST
Splunk

Job description

We are seeking a mid-to-senior level Security Engineer to design, implement, and support enterprise security solutions focused on cryptography, key management, and HSM platforms. This role sits within the Global Information Security (GIS) team and works closely with application, infrastructure, and business teams to deliver secure, compliant crypto solutions across the organization., * Design, implement, and maintain cryptographic security solutions, including key management systems and hardware security modules (HSMs)

  • Partner with internal stakeholders to understand application and system security requirements and translate them into practical crypto solutions
  • Evaluate and recommend the technical and operational feasibility of encryption and key management approaches
  • Maintain and enhance hosted crypto platforms supporting payments, key management, and general-purpose encryption, ensuring compliance with banking and industry security standards
  • Build proofs of concept and prototypes, and support solutions through design, testing, and production rollout
  • Collaborate with database, operations, technical support, and engineering teams throughout the implementation lifecycle
  • Administer and manage cryptographic keys, including:

  • Key lifecycle management (creation, rotation, expiration, revocation)

  • Centralized key management with strict access controls

  • Alignment with internal security policies and standards

This role requires candidates to sit onsite 5 days a week in Denver, Chicago, Addison, Washington, DC or Charlotte

Requirements

  • 5-7 years of experience working with HSM (Hardware Security Modules) functions, Key Management and Cryptography (specifically Thales Luna HSM)

  • 5-7 years of experience integrating and working with RESTful APIs (Postman, Insomnia)

  • Experience implementing security best practices per Oasis KMIP 2 standards (including NIST SP 800-57, PCI DSS, GDPR

  • Experience managing and securing systems in Linux and Windows environments

  • Experience with cryptographic interfaces and frameworks such as PKCS#11, JCE, .NET, MS CNG

Experience implementing monitoring and logging solutions (Splunk) - Hands on experience working in containerized, cloud native environments including Kubernetes and OpenShift

  • Understand and implement enterprise cryptography standards per industry. Specialize in crypto products like Thales CipherTrust Manager, Hardware Security Modules and Payshield 10x.

    • Database encryption with Microsoft SQL TDE, Oracle TDE with PKCS11 and KMIP compliant products.
    • Work closely with stakeholders to define crypto requirement for KMS and HSM needs.

Apply for this position