Job Summary

• To provide advice and support in practice formulation and associated best practice improvement tactics; enabling the provision of specialist information technology security expertise.

Job Description

• We are seeking a highly skilled and experienced Senior Cryptography Engineer to join our security engineering team.
• This role is critical in managing cryptographic key lifecycles, designing and maintaining secure key management systems, and ensuring compliance with industry standards such as PCI DSS.
• The ideal candidate will have deep expertise in cryptographic principles, hands-on experience with on-premise and cloud environments (AWS and Azure), and a strong understanding of risk management practices.

About the role:

• Process: Provide specialist advice and support to safeguard information systems and associated assets through the identification and management of security risks. Identify, diagnose and recommend improvements and provide specialist advice and support to ensure that solutions are appropriate and effective.
• Use practical knowledge and theoretical guidelines, to diagnose area of specialisation problems and generate workable solutions.
• Perform security audits and clean-ups to ensure accurate and up to date access within the organisation.
• Perform, advise and provide information on risk management impacts and mitigate risk in respect of system and application access.
• Analyze IT related access reports to identify discrepancies and anomalies and recommend remedial action.
• Provide specialist advice and support in defining standard operating procedures (SOP’s).
• Conduct research and gather data to provide input to operational reporting and decision-making processes.
• Provide specialist advice to plan for value-added process improvements, initiatives and services to deliver on operational objectives.
• Provide expertise to identify and develop solutions to improve the quality of processes and services.
• Client/Customer: Provide support and contribute to a culture of customer service excellence that meets and exceeds exceptional service.
• Build relationships with customers that contribute to a culture of customer service excellence.
• Conduct: Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise-Wide Risk Management Framework and internal Policies and Policy Standards.
• Finance: Contribute to the effective reduction of cost and financial wastage in line with organisational policies and procedures.
• Learning and Growth: Participate in forums that positively contributes to knowledge improvement.
• Provide advice and support in the management of change and offer operational support where required.

Key Responsibilities:

Key Management & Cryptographic Operations

• Oversee the full lifecycle of cryptographic keys: generation, distribution, rotation, archival, and destruction.
• Manage and maintain Hardware Security Modules (HSMs) and Key Management Systems (KMS) across on-prem and cloud environments.
• Implement and enforce key usage policies and access controls.

Engineering & Architecture

• Design and implement secure cryptographic solutions in both on-premise and cloud infrastructures (AWS KMS, Azure Key Vault).
• Collaborate with DevOps and Infrastructure teams to integrate cryptographic services into CI/CD pipelines and application workflows.
• Develop automation scripts and tools to streamline cryptographic operations and monitoring.

Compliance & Risk Management

• Ensure cryptographic systems and practices comply with PCI DSS, NIST, and other relevant standards.
• Conduct risk assessments related to cryptographic systems and recommend mitigation strategies.
• Participate in audits and provide documentation and evidence of compliance.

Collaboration & Leadership

• Act as a subject matter expert (SME) for cryptography and key management.
• Mentor junior engineers and provide guidance on secure coding and encryption best practices.
• Work cross-functionally with security, compliance, and engineering teams to align cryptographic practices with business goals.

Experience & Qualifications Required:

• Bachelor’s degree in computer science, Information Security, or a related field.
• 5+ years of experience in cryptography, key management, or security engineering roles.
• Strong knowledge of cryptographic algorithms, protocols (TLS, PKI, etc.), and standards (FIPS 140-2/3, NIST SP 800 series).
• Hands-on experience with AWS KMS, Azure Key Vault, and on-prem HSMs (e.g., Thales, Entrust, AWS CloudHSM).
• Familiarity with PCI DSS requirements and audit processes.
• Proficiency in scripting languages (Python, Bash, etc.) and infrastructure-as-code tools (Terraform, CloudFormation).

Preferred Qualifications:

• Certifications such as CISSP, CISM, AWS Security Specialty, or GIAC Cryptography (GCTY).
• Experience with containerized environments (Docker, Kubernetes) and securing secrets in such ecosystems.
• Knowledge of secure software development lifecycle (SSDLC) and threat modeling.

Competencies:

• Strong analytical and problem-solving skills.
• Excellent communication and documentation abilities.
• Ability to work independently and as part of a distributed team.
• Openness to change

Education

• Bachelor`s Degrees and Advanced Diplomas: Physical, Mathematical, Computer and Life Sciences (Required)

End Date: June 11, 2025 (5 days left to apply)