Data Security & Cryptography Engineer
Job description
The Senior Data Security & Cryptography Engineer is responsible for the end-to-end protection of the Client's most sensitive information. This is a highly specialized engineering role that sits at the intersection of data privacy, software development, and advanced mathematics.
You will design and implement the cryptographic foundations of our Client's infrastructure, from certificate lifecycle management to secure data pipelines for AI/ML. Your mission is to ensure that data is secure at rest, in transit, and in use, while maintaining strict alignment with global privacy standards like GDPR.
What you will do:
Cryptography & Key Management
- Architect and implement cryptographic protocols (e.g., TLS 1.3, AES-256, RSA, ECC) and explore emerging Post-Quantum Cryptography (PQC) standards.
- Manage the full certificate lifecycle and Public Key Infrastructure (PKI).
- Design and maintain Key Management Systems (KMS) and Hardware Security Modules (HSM) to ensure secure storage and rotation of cryptographic keys.
Data Protection & DLP Engineering
- Lead data discovery and classification initiatives to identify sensitive data across structured and unstructured environments.
- Engineer and tune Data Loss Prevention (DLP) controls to prevent unauthorized exfiltration.
- Design secure data pipelines specifically for analytics and AI/ML environments, ensuring data masking, tokenization, or differential privacy where required.
Privacy Engineering & Compliance
- Implement Privacy by Design principles into new products and services, ensuring alignment with GDPR and ISO 27701.
- Develop technical controls for data residency, sovereignty, and subject access requests (DSAR).
- Perform cryptographic reviews of internal applications to identify weak algorithms or insecure implementations.
Requirements
- Crypto/PKI: OpenSSL, HashiCorp Vault, AWS KMS, Azure Key Vault, or Thales/Entrust HSMs.
- DLP/Discovery: Microsoft Purview, BigID, Varonis, or Netskope.
- Data Platforms: Experience securing Snowflake, Databricks, or Hadoop environments.
- Privacy: OneTrust, TrustArc, or similar privacy engineering tools.
- Standards: Deep understanding of NIST SP 800-57 (Key Management) and FIPS 140-2/3.
What you bring:
- 6-8+ years of experience in Data Security, Cryptography, or Privacy Engineering.
- Technical Mastery: Deep understanding of mathematical concepts behind encryption (AES, RSA, ECC).
- Engineering Background: Ability to code or script (Python, Java, or C++) to integrate cryptographic libraries into applications.
- Privacy Focus: Proven experience translating legal requirements (GDPR) into technical security controls.
- Problem Solver: Ability to balance high-security cryptographic requirements with system performance and scalability.