Hardware Security Engineer - PKI/HSM Modules (7-11 yrs)

Job Description :

We are looking for a Hardware Security Engineer with expertise in Public Key Infrastructure (PKI), Hardware Security Modules (HSM), and Venafi Certificate Management (CTM/CLM). The ideal candidate will have hands-on experience in the implementation, maintenance, and support of Microsoft PKI & Venafi CLM, as well as experience in SafeNet Luna SA, payment HSM maintenance activities, and key management systems (SafeNet KeySecure or equivalent).

Key Responsibilities :

- Implement, manage, and support Microsoft PKI and Venafi CLM solutions.

- Configure and maintain Hardware Security Modules (HSMs), including SafeNet Luna SA and payment HSMs.

- Ensure the security, availability, and performance of key management systems, preferably SafeNet KeySecure.

- Perform certificate lifecycle management using Venafi Certificate Trust Manager (CTM).

- Develop and enforce PKI policies, standards, and procedures in alignment with security best practices.

- Monitor and troubleshoot PKI, HSM, and key management infrastructure for performance, availability, and security issues.

- Assist in the design and implementation of cryptographic solutions for secure communications, authentication, and data protection.

- Work closely with internal security, infrastructure, and application teams to integrate PKI and key management services.

- Conduct periodic security audits and assessments to ensure compliance with organizational and regulatory security standards.

- Provide technical support for security incidents related to PKI, HSM, and key management infrastructure.

Required Skills & Qualifications :

- Strong experience in Public Key Infrastructure (PKI) implementation and support (Microsoft PKI, Venafi CLM).

- Hands-on expertise in Hardware Security Modules (HSMs), specifically SafeNet Luna SA and payment HSM maintenance.

- Experience in managing key management systems (KMS), preferably SafeNet KeySecure.

- Proficiency in Venafi Certificate Trust Manager (CTM) for certificate lifecycle management.

- Strong knowledge of cryptographic protocols, including TLS, SSL, RSA, ECC, AES, and SHA.

- Experience with secure key storage, key generation, and key rotation policies.

- Familiarity with compliance and security standards (FIPS 140-2, PCI-DSS, NIST, ISO 27001).

- Knowledge of network security, identity & access management (IAM), and authentication protocols.

- Proficiency in scripting (PowerShell, Python, Bash) for automation of security operations.

- Experience working with cloud-based security solutions (AWS KMS, Azure Key Vault, or Google Cloud KMS) is a plus.

Preferred Qualifications :

- Certifications in CISSP, CISM, CISA, CCSP, or Security+.

- Experience in compliance audits and regulatory frameworks related to cryptography and key management.

- Understanding of blockchain security, tokenization, and digital signatures.

Benefits :

- Competitive salary & performance-based bonuses.

- Health & wellness benefits.

- Remote work flexibility (if applicable).

- Learning & development opportunities.

- Cutting-edge technology exposure in the cybersecurity space.