Security Specialist Sr - HSM authentication / Encryption Key Lifecycle
Pittsburgh, PA
Full Time
Scheduled work from home days
2 days in office, or as needed for emergencies, so candidates need to be within a reasonable distance
We are seeking an experienced Senior Security Specialist with hands-on expertise in Hardware Security Modules (HSMs), encryption key lifecycle management, and cryptographic solutions. This person will play a critical role in enhancing our organization's enterprise key management capabilities and contributing to our security infrastructure in a regulated environment.
Key Responsibilities
- Serve as SME for enterprise encryption and HSMs (Thales/nShield/Cloud HSMs).
- Implement and manage encryption key lifecycle processes: generation, storage, distribution, archival, and destruction.
- Conduct and document key ceremonies, enforce dual control, and ensure chain of custody.
- Perform HSM lifecycle tasks: initialization, configuration, updates, tamper handling, and decommissioning.
- Develop and implement cryptographic policies and solutions based on business needs.
- Maintain Secure Room infrastructure and access policies.
- Collaborate with security, infrastructure, and application teams for key and encryption management.
- Monitor and improve cryptographic controls based on security assessments and risk evaluations.
- Draft SOPs, policies, and control documentation ensuring alignment with standards and regulations.
Required & Preferred Skills
Must Have:
- Hands-on experience with Thales or nShield HSMs
- Proficiency in encryption key lifecycle management, including key ceremonies
- Strong knowledge of cryptographic concepts (PKI, AES, RSA, etc.)
- Experience working in a regulated or banking environment
- Understanding of access control, network security, and data loss prevention
- Comfortable working in a hybrid (onsite/offsite) setup
Preferred:
- Experience with Thales CipherTrust, CCKM, Oracle Key Vault
- Familiarity with BYOK/HYOK in AWS, Azure, or GCP
- Exposure to scripting (Python, PowerShell)
- Knowledge of Dynatrace, PowerBI, Jira, Confluence, and LogScale
- Any relevant security certifications (CISSP, CISM, GIAC)
Skill Matrix Template
Full Name:
Degree Major with University and Completion Year:
Total Experience in Cybersecurity / IT Security:
Total Experience with Hardware Security Modules (HSMs):
Which HSMs have you worked with? (e.g., Thales, nShield, Cloud HSMs):
Experience with Encryption Key Lifecycle Management? (Describe scope - ceremonies, dual control, tools used):
Have you worked in a banking or highly regulated industry? (If yes, describe the environment):
Experience with Secure Room operations or PED-based ceremonies?
Experience with Thales CipherTrust Manager, CCKM, Oracle Key Vault (Yes/No - Please elaborate):
Cloud encryption expertise (BYOK/HYOK in AWS, Azure, GCP)?
Scripting knowledge (e.g., Python, PowerShell)?
Experience with security reporting tools (e.g., PowerBI, Dynatrace, LogScale)?
Security Certifications (CISSP, GIAC, CISM, etc.):
Are you within commuting distance of Pittsburgh, PA? (Yes/No):
Willing to work 2 days onsite as needed? (Yes/No):
Motivation/Reason for Interest in This Position:
Motivation/Reason for Relocation (if not local to Pittsburgh):
Contact Number:
Email ID:
LinkedIn Profile URL:
Full Address (Street, City, State, ZIP Code):
Notice Period (in weeks):
Current Work Authorization Status (e.g., US Citizen, Green Card, H1B, etc.):
Expected Salary:
Are you willing to relocate at your own expense and work hybrid in Pittsburgh, PA (Yes/No):