K20S Information Technology Est logo

Data Security Engineer (HSM PKI )

K20S Information Technology Est
Full-time
On-site
New York, United States
Data Security Engineer
Location: Qatar Onside
Experience Required: 5-7 Years
Duration 1yr (Renewable)
Banking Experience Mandatory
Availability: Immediate Joiner Preferred

Position Overview:
We are looking for a highly skilled Data Security Engineer with deep technical expertise in
Utimaco Hardware Security Modules (HSM) or similar kind other vendor, Key Management
Systems (KMS), Payment Security, and Public Key Infrastructure (PKI). The ideal candidate
will bring at least 5-7 years of hands-on experience in securing critical data systems, with a
specific focus on the banking and financial services sectors. This role requires someone with
a strong cryptographic background and have solid cyber security foundation and a proven
track record in deploying, managing, and optimizing security solutions for sensitive data.
Key Responsibilities:
• HSM Integration & Management: Design, deploy, configure, and maintain Utimaco HSMs
for cryptographic key storage and processing. Ensure secure generation, storage, and
usage of cryptographic keys in line with banking compliance frameworks.
• Key Management Systems (KMS): Architect and operationalize Key Management
Systems to support key lifecycle management, including key generation, distribution,
rotation, and destruction. Implement enterprise-grade encryption practices with
emphasis on security, performance, and compliance.
• Payment Security Implementation: Secure the end-to-end lifecycle of payment
transactions through encryption, tokenization, and key management protocols. Develop
and enforce standards compliant with PCI DSS, EMV, and ISO 20022. Engage in securing
real-time payments, SWIFT transactions, and digital banking services.
• PKI Deployment & Administration: Oversee Public Key Infrastructure (PKI), including
the design and management of certificate authorities (CA), subordinate CAs, and
registration authorities (RA). Administer certificate lifecycles, certificate revocation lists
(CRLs), and secure digital certificate distribution.
• Banking Data Encryption: Implement encryption strategies for sensitive banking data
both at rest and in transit, ensuring compliance with local and international financial
regulatory frameworks, including GDPR, FFIEC, and Basel III. Utilize encryption
algorithms such as AES, RSA, and ECC for optimal data protection.
• Security Hardening: Perform ongoing system hardening, security audits, and risk
assessments across HSMs, KMS, PKI, and payment security infrastructure. Identify and
mitigate vulnerabilities, ensuring that all cryptographic systems are resilient to attacks.
• Compliance & Risk Management: Ensure that all cryptographic operations adhere to
industry and banking standards, such as ISO 27001, PCI DSS, NIST SP 800-57, FIPS 140-
2, and eIDAS. Collaborate with internal audit teams to align practices with risk
management and data protection policies.
• Incident Response & Monitoring: Provide expert-level support during security incidents
related to cryptographic systems. Deploy proactive monitoring and logging to detect
anomalies or breaches in data encryption systems.
• Performance Optimization: Fine-tune the performance of cryptographic hardware and
software systems to meet the high transaction volumes typical of banking
environments. Ensure minimal latency and robust throughput in key management and
cryptographic processing.
Technical Requirements:
• HSM Expertise: Proficiency with Utimaco HSM platforms, including CryptoServer Se,
CSe-Series, and CSeC-Series, with a focus on configuring key hierarchies, secure key
injection, and partitioning for multiple security domains.
• KMS Proficiency: In-depth knowledge of enterprise KMS systems, such as Gemalto
SafeNet, Thales CipherTrust, or AWS KMS, including handling complex key hierarchies
and ensuring keys are securely distributed and used across the enterprise.
• Payment Security Protocols: Expertise in securing payment systems following PCI HSM,
EMV, 3-D Secure, SWIFT standards, with direct experience in designing secure payment
channels, and using Hardware Security Modules to safeguard cryptographic keys used
in payment authorization and tokenization systems.
• Cryptographic Algorithms: Strong foundational knowledge of cryptographic algorithms,
including AES, RSA, ECC, SHA-2, SHA-3, HMAC, and practical experience with both
symmetric and asymmetric encryption methodologies.
• PKI and Certificate Management: Extensive experience with PKI infrastructures,
managing X.509 certificates, and familiarity with OCSP, SCEP, and LDAP for certificate
validation and revocation.
Qualifications and Experience:
• Education: Bachelor's or Master's degree in Computer Science, Information Security, or
related field.
• Experience: Minimum of 5-7 years of focused experience in HSM, KMS, PKI, and
Payment Security solutions, particularly in high-compliance, high-security
environments such as banking, financial services, or payment processing.
• Industry Certifications: Certifications such as CISSP, CISM, CCSP, PCI DSS QSA, or
specialized certifications in HSM and KMS technologies (e.g., Utimaco Certified HSM
Specialist) are highly preferred.
• Banking Industry Experience: Strong background in securing banking and financial
transaction environments, with a thorough understanding of regulatory requirements
such as PCI DSS, PSD2, SWIFT CSP, and Basel III.
Personal Attributes:
• Availability: Must be available for immediate onboarding or with minimal notice period.
• Analytical Mindset: Capable of evaluating complex cryptographic architectures and
identifying gaps and improvement areas in securing data workflows.
• Team Collaboration: Proven ability to work in cross-functional teams, including IT
infrastructure, compliance, and application development teams, to ensure
comprehensive data security strategies