Role: HSM Engineer
Location : Omaha, Nebraska / Phoenix, AZ
Department: HSM / Cryptography Key Management Services
Job Description
HSM Engineer role will be responsible for designing, deploying, configuring, and maintaining Hardware Security Modules used to protect sensitive cryptographic keys and perform secure cryptographic operations. This role ensures the security, availability, and compliance of cryptographic infrastructure in alignment with industry standards, security policies, and regulatory requirements.
Key Responsibilities
- HSM Administration & Operations
- Deploy, configure, and manage HSM devices (e.g., Thales, Entrust, Futurex, Utimaco)
- Maintain and update HSM inventory to ensure up-to-date tracking.
- Submit Firewall request to allow network traffic between HSM and client systems
- Manage HSM partitioning, remote HSM administration and auditing functions.
- Conduct firmware and software upgrades while maintaining operational continuity.
- Ensure HSM configurations meet compliance standards (PCI-DSS, PIN, HIPAA, GDPR, ISO 27001, etc.).
- Monitor for unauthorized access or anomalies in cryptographic operations.
- Participate in internal and external security audits.
- Work with development and infrastructure teams to integrate cryptographic services into business applications.
- Troubleshoot HSM integration issues with applications, APIs, and security services.
- Implement automated monitoring and alerting for HSM performance and health.
- Respond to cryptographic security incidents and investigate root causes.
- Provide on-call support for HSM-related issues and outages.
Required Qualifications
- Bachelor's degree in computer science, Information Security, or related field (or equivalent experience).
- 3 5 years of experience in HSM administration and/or cryptographic operations
- Hands-on experience with HSM vendors such as Thales, Entrust, Futurex, Utimaco, or SafeNet.
- Strong understanding of PKI, digital certificates, TLS/SSL, and key management practices.
- Familiarity with security standards: FIPS 140-2/140-3, NIST SP 800 series, PCI-DSS.
- Experience with scripting languages (Python, PowerShell, Bash) for automation.
Preferred Qualifications
- Cloud HSM experience (AWS CloudHSM, Azure Key Vault Managed HSM, Google Cloud Platform Cloud HSM).
- Certification such as CISSP, CISM, CCSP, or vendor-specific HSM certification.
- Experience with hardware cryptography in payment systems, banking, or government environments.
- Knowledge of secure application development and API security.
Soft Skills
Strong problem-solving and analytical skills.
Ability to work under pressure in high-security environments.
Excellent communication and documentation skills.
Ability to collaborate with cross-functional teams.
Working Conditions
May require occasional travel for HSM installation or maintenance.
On-call rotation for 24/7 HSM support.
Secure lab environment for key ceremonies and cryptographic operations.
Never miss an opportunity! Create an alert based on the job you applied for.
