Security Specialist Sr - HSM authentication / Encryption Key Lifecycle
Pittsburgh, PA
Full Time
Scheduled work from home days
2 days in office, or for emergencies, so candidates need to be within a reasonable distance
We are seeking an experienced Senior Security Specialist with hands-on expertise in Hardware Security Modules (HSMs), encryption key lifecycle management, and cryptographic solutions. This person will play a critical role in enhancing our organization's enterprise key management capabilities and contributing to our security infrastructure in a regulated environment.
Key Responsibilities
- Serve as SME for enterprise encryption and HSMs (Thales/nShield/Cloud HSMs).
- Implement and manage encryption key lifecycle processes: generation, storage, distribution, archival, and destruction.
- Conduct and document key ceremonies, enforce dual control, and ensure chain of custody.
- Perform HSM lifecycle tasks: initialization, configuration, updates, tamper handling, and decommissioning.
- Develop and implement cryptographic policies and solutions based on business needs.
- Maintain Secure Room infrastructure and access policies.
- Collaborate with security, infrastructure, and application teams for key and encryption management.
- Monitor and improve cryptographic controls based on security assessments and risk evaluations.
- Draft SOPs, policies, and control documentation ensuring alignment with standards and regulations.
Required & Preferred Skills
Must Have:
- Hands-on experience with Thales or nShield HSMs
- Proficiency in encryption key lifecycle management, including key ceremonies
- Strong knowledge of cryptographic concepts (PKI, AES, RSA, etc.)
- Experience working in a regulated or banking environment
- Understanding of access control, network security, and data loss prevention
- Comfortable working in a hybrid (onsite/offsite) setup
Preferred:
- Experience with Thales CipherTrust, CCKM, Oracle Key Vault
- Familiarity with BYOK/HYOK in AWS, Azure, or GCP
- Exposure to scripting (Python, PowerShell)
- Knowledge of Dynatrace, PowerBI, Jira, Confluence, and LogScale
- Any relevant security certifications (CISSP, CISM, GIAC)
Skill Matrix Template
Full Name
Degree Major with University and Completion Year:
Total Experience In Cybersecurity / IT Security
Total Experience with Hardware Security Modules (HSMs):
Which HSMs have you worked with? (e.g., Thales, nShield, Cloud HSMs):
Experience with Encryption Key Lifecycle Management? (Describe scope – ceremonies, dual control, tools used):
Have you worked in a banking or highly regulated industry? (If yes, describe the environment):
Experience with Secure Room operations or PED-based ceremonies?
Experience with Thales CipherTrust Manager, CCKM, Oracle Key Vault (Yes/No – Please elaborate):
Cloud encryption expertise (BYOK/HYOK in AWS, Azure, GCP)?
Scripting knowledge (e.g., Python, PowerShell)?
Experience with security reporting tools (e.g., PowerBI, Dynatrace, LogScale)?
Security Certifications (CISSP, GIAC, CISM, Etc.)
Are you within commuting distance of Pittsburgh, PA? (Yes/No):
Willing to work 2 days onsite as needed? (Yes/No):
Motivation/Reason For Interest In This Position
Motivation/Reason for Relocation (if not local to Pittsburgh):
Contact Number
Email ID:
LinkedIn Profile URL
Full Address (Street, City, State, ZIP Code):
Notice Period (in Weeks)
Current Work Authorization Status (e.g., US Citizen, Green Card, H1B, etc.):
Expected Salary
Are you willing to relocate at your own expense and work hybrid in Pittsburgh, PA (Yes/No):