HSM Security Engineer

JOB DESCRIPTION - 5 days a week in Denver, Chicago, Addison, Washington, DC or Charlotte - long term contract (12-24 months)

We are seeking a mid-to-senior level Security Engineer to design, implement, and support enterprise security solutions focused on cryptography, key management, and HSM platforms. This role sits within the Global Information Security (GIS) team and works closely with application, infrastructure, and business teams to deliver secure, compliant crypto solutions across the organization.

• Design, implement, and maintain cryptographic security solutions, including key management systems and hardware security modules (HSMs)
• Partner with internal stakeholders to understand application and system security requirements and translate them into practical crypto solutions
• Evaluate and recommend the technical and operational feasibility of encryption and key management approaches
• Maintain and enhance hosted crypto platforms supporting payments, key management, and general-purpose encryption, ensuring compliance with banking and industry security standards
• Build proofs of concept and prototypes, and support solutions through design, testing, and production rollout
• Collaborate with database, operations, technical support, and engineering teams throughout the implementation lifecycle
• Administer and manage cryptographic keys, including:
• Key lifecycle management (creation, rotation, expiration, revocation)
• Centralized key management with strict access controls
• Alignment with internal security policies and standards

This role requires candidates to sit onsite 5 days a week in Denver, Chicago, Addison, Washington, DC or Charlotte

• 5-7 years of experience working with HSM (Hardware Security Modules) functions, Key Management and Cryptography (specifically Thales Luna HSM)
• 5-7 years of experience integrating and working with RESTful APIs (Postman, Insomnia)
• Experience implementing security best practices per Oasis KMIP 2 standards (including NIST SP 800-57, PCI DSS, GDPR
• Experience managing and securing systems in Linux and Windows environments
• Experience with cryptographic interfaces and frameworks such as PKCS#11, JCE, .NET, MS CNG Experience implementing monitoring and logging solutions (Splunk)

• Hands on experience working in containerized, cloud native environments including Kubernetes and Open Shift
• Understand and implement enterprise cryptography standards per industry. Specialize in crypto products like Thales Cipher Trust Manager, Hardware Security Modules and Payshield 10x.
• Database encryption with Microsoft SQL TDE, Oracle TDE with PKCS
  11 and KMIP compliant products.
• Work closely with stakeholders to define crypto requirement for KMS and HSM needs.

$70/hr to $80/hr.

Exact compensation may vary based on several factors, including skills, experience, and education.

Employees in this role will enjoy a comprehensive benefits package starting on day one of employment, including options for medical, dental, and vision insurance. Eligibility to enroll in the 401(k) retirement plan begins after 90 days of employment. Additionally, employees in this role will have access to paid sick leave and other paid time off benefits as required under the applicable law of the worksite location.