Software Engineer
Job Description
Enterprise Keys Management Engineer -Job Description
\n
Job Description: Cryptography & Key Management Systems Engineer (5+ Years Experience)
Position Overview
\nWe are seeking an experienced Cryptography & Key Management Systems (KMS) Engineer with a strong background in designing, implementing, and managing secure cryptographic solutions. The ideal candidate will have at least 5 years of hands-on experience working with encryption technologies, cloud and on-prem key management platforms, HSMs, and secure software development practices.
\nThis role will collaborate closely with security, infrastructure, application engineering, and compliance teams to ensure best-in-class protection of sensitive data across the enterprise.
\nKey Responsibilities
\n1. Cryptographic System Design & Implementation
\n- \n
- Design, implement, and maintain enterprise-grade Key Management Systems (KMS) , including both cloud-native (AWS KMS, Azure Key Vault, Google Cloud KMS) and on-prem solutions. \n
- Develop cryptographic architectures including key hierarchy, key rotation policies, envelope encryption, and secure key lifecycle processes. \n
- Integrate cryptographic services into applications, APIs, microservices, and distributed systems. \n
2. Hardware Security Modules (HSMs)
\n- \n
- Deploy, configure, and manage HSMs for secure key generation and storage. \n
- Integrate HSM-backed signing and encryption capabilities into enterprise systems. \n
3. Security Engineering & Cryptographic Best Practices
\n- \n
- Advise engineering teams on cryptographic choices, secure protocols, and implementation details. \n
- Perform cryptographic code reviews and security assessments. \n
- Ensure compliance with NIST, FIPS-140-2/3, ISO 27001, PCI-DSS, SOC2, GDPR, and internal security policies. \n
4. Monitoring, Auditing, & Incident Response
\n- \n
- Implement auditing for key access, encryption events, and cryptographic system activity. \n
- Monitor system health, capacity, and performance. \n
- Participate in incident response and forensics involving cryptographic assets. \n
5. Documentation & Cross-Team Collaboration
\n- \n
- Maintain detailed architecture documentation, key lifecycle procedures, operational runbooks, and API integration guides. \n
- Partner with DevOps/SRE teams to automate cryptography operations using CI/CD, IaC (Terraform, CloudFormation), and secrets management tools. \n
Technical Qualifications
\n- \n
- Bachelor's or Master’s in Computer Science, Cybersecurity, Information Security, or related field. \n
- 5+ years of experience in cryptography, security engineering, or related domain. \n
- Hands-on experience with:\n
- \n
- Fortanix Data Security Manager \n
- Cloud KMS (AWS/Azure/GCP) \n
- Secrets management tools (HashiCorp Vault, CyberArk, AWS Secrets Manager) \n
- HSMs (Thales, Luna, CloudHSM, Utimaco) \n
\n - Strong understanding of:\n
- \n
- Symmetric/asymmetric encryption, hashing, digital signatures \n
- TLS, mTLS, SSH, IPSec, JWT, OAuth2/OpenID Connect \n
- Key lifecycle management principles \n
\n - Proficiency in scripting and/or programming (Python, Go, Java, Bash). \n
- Familiarity with SQL Databases (SQL Server, Postgres, MySQL), and their encryption at rest. \n
- Familiarity with cloud-based data storage services, including object storage, distributed file share services, and NoSQL databases across major cloud service providers. \n
- Understanding of secure SDLC and DevSecOps. \n
Preferred Qualifications
\n- \n
- Experience with zero-trust architecture. \n
- Familiarity with SMPC, threshold cryptography, or post-quantum cryptography (PQC). \n
- Experience building APIs or services for cryptographic operations. \n
- Knowledge of cloud-native deployment technologies (Kubernetes, Docker). \n
- Security certifications: CEH, GIAC, CCSP, AWS/Azure Security Specialty. \n
Soft Skills
\n- \n
- Strong analytical, debugging, and problem-solving abilities. \n
- Excellent written and verbal communication. \n
- Ability to work cross-functionally with infrastructure, development, and compliance teams. \n
- Attention to detail with a focus on secure-by-design principles. \n