Data Security Engineer (HSM PKI )

Data Security Engineer

Location: Qatar Onside

Experience Required: 5-7 Years

Duration 1yr (Renewable)

Banking Experience Mandatory

Availability: Immediate Joiner Preferred

Position Overview

We are looking for a highly skilled Data Security Engineer with deep technical expertise in

Utimaco Hardware Security Modules (HSM) or similar kind other vendor, Key Management

Systems (KMS), Payment Security, and Public Key Infrastructure (PKI). The ideal candidate

will bring at least 5-7 years of hands-on experience in securing critical data systems, with a

specific focus on the banking and financial services sectors. This role requires someone with

a strong cryptographic background and have solid cyber security foundation and a proven

track record in deploying, managing, and optimizing security solutions for sensitive data.

Key Responsibilities

• HSM Integration & Management: Design, deploy, configure, and maintain Utimaco HSMs
  
  

for cryptographic key storage and processing. Ensure secure generation, storage, and

usage of cryptographic keys in line with banking compliance frameworks.

• Key Management Systems (KMS): Architect and operationalize Key Management
  
  

Systems to support key lifecycle management, including key generation, distribution,

rotation, and destruction. Implement enterprise-grade encryption practices with

emphasis on security, performance, and compliance.

• Payment Security Implementation: Secure the end-to-end lifecycle of payment
  
  

transactions through encryption, tokenization, and key management protocols. Develop

and enforce standards compliant with PCI DSS, EMV, and ISO 20022. Engage in securing

real-time payments, SWIFT transactions, and digital banking services.

• PKI Deployment & Administration: Oversee Public Key Infrastructure (PKI), including
  
  

the design and management of certificate authorities (CA), subordinate CAs, and

registration authorities (RA). Administer certificate lifecycles, certificate revocation lists

(CRLs), and secure digital certificate distribution.

• Banking Data Encryption: Implement encryption strategies for sensitive banking data
  
  

both at rest and in transit, ensuring compliance with local and international financial

regulatory frameworks, including GDPR, FFIEC, and Basel III. Utilize encryption

algorithms such as AES, RSA, and ECC for optimal data protection.

• Security Hardening: Perform ongoing system hardening, security audits, and risk
  
  

assessments across HSMs, KMS, PKI, and payment security infrastructure. Identify and

mitigate vulnerabilities, ensuring that all cryptographic systems are resilient to attacks.

• Compliance & Risk Management: Ensure that all cryptographic operations adhere to
  
  

industry and banking standards, such as ISO 27001, PCI DSS, NIST SP 800-57, FIPS 140-

2, and eIDAS. Collaborate with internal audit teams to align practices with risk

management and data protection policies.

• Incident Response & Monitoring: Provide expert-level support during security incidents
  
  

related to cryptographic systems. Deploy proactive monitoring and logging to detect

anomalies or breaches in data encryption systems.

• Performance Optimization: Fine-tune the performance of cryptographic hardware and
  
  

software systems to meet the high transaction volumes typical of banking

environments. Ensure minimal latency and robust throughput in key management and

cryptographic processing.

Technical Requirements

• HSM Expertise: Proficiency with Utimaco HSM platforms, including CryptoServer Se,
  
  

CSe-Series, and CSeC-Series, with a focus on configuring key hierarchies, secure key

injection, and partitioning for multiple security domains.

• KMS Proficiency: In-depth knowledge of enterprise KMS systems, such as Gemalto
  
  

SafeNet, Thales CipherTrust, or AWS KMS, including handling complex key hierarchies

and ensuring keys are securely distributed and used across the enterprise.

• Payment Security Protocols: Expertise in securing payment systems following PCI HSM,
  
  

EMV, 3-D Secure, SWIFT standards, with direct experience in designing secure payment

channels, and using Hardware Security Modules to safeguard cryptographic keys used

in payment authorization and tokenization systems.

• Cryptographic Algorithms: Strong foundational knowledge of cryptographic algorithms,
  
  

including AES, RSA, ECC, SHA-2, SHA-3, HMAC, and practical experience with both

symmetric and asymmetric encryption methodologies.

• PKI and Certificate Management: Extensive experience with PKI infrastructures,
  
  

managing X.509 certificates, and familiarity with OCSP, SCEP, and LDAP for certificate

validation and revocation.

Qualifications And Experience

• Education: Bachelor's or Master's degree in Computer Science, Information Security, or
  
  

related field.

• Experience: Minimum of 5-7 years of focused experience in HSM, KMS, PKI, and
  
  

Payment Security solutions, particularly in high-compliance, high-security

environments such as banking, financial services, or payment processing.

• Industry Certifications: Certifications such as CISSP, CISM, CCSP, PCI DSS QSA, or
  
  

specialized certifications in HSM and KMS technologies (e.g., Utimaco Certified HSM

Specialist) are highly preferred.

• Banking Industry Experience: Strong background in securing banking and financial
  
  

transaction environments, with a thorough understanding of regulatory requirements

such as PCI DSS, PSD2, SWIFT CSP, and Basel III.

Personal Attributes

• Availability: Must be available for immediate onboarding or with minimal notice period.
• Analytical Mindset: Capable of evaluating complex cryptographic architectures and
  
  

identifying gaps and improvement areas in securing data workflows.

• Team Collaboration: Proven ability to work in cross-functional teams, including IT
  
  

infrastructure, compliance, and application development teams, to ensure

comprehensive data security strategies

Skills: pki infrastructures,compliance & risk management,utimaco hsm,certificate management,key management systems,security hardening,public key infrastructure,security,compliance,management,pki,hsm,encryption,data,kms,infrastructure,key management,hsm integration,public key infrastructure (pki),cryptography,payment security,data encryption,incident response,performance optimization,cryptographic algorithms,risk management,key management systems (kms)