HSM Security Engineer

We are seeking a mid-to-senior level Security Engineer to design, implement, and support enterprise security solutions focused on cryptography, key management, and HSM platforms. This role sits within the Global Information Security (GIS) team and works closely with application, infrastructure, and business teams to deliver secure, compliant crypto solutions across the organization.

Job Responsibilities:
• Design, implement, and maintain cryptographic security solutions, including key management systems and hardware security modules (HSMs)
• Partner with internal stakeholders to understand application and system security requirements and translate them into practical crypto solutions
• Evaluate and recommend the technical and operational feasibility of encryption and key management approaches
• Maintain and enhance hosted crypto platforms supporting payments, key management, and general-purpose encryption, ensuring compliance with banking and industry security standards
• Build proofs of concept and prototypes, and support solutions through design, testing, and production rollout
• Collaborate with database, operations, technical support, and engineering teams throughout the implementation lifecycle
• Administer and manage cryptographic keys, including:
• Key lifecycle management (creation, rotation, expiration, revocation)
• Centralized key management with strict access controls
• Alignment with internal security policies and standards

This role requires candidates to sit onsite 5 days a week in Denver, Chicago, Addison, Washington, DC or Charlotte

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

• 5-7 years of experience working with HSM (Hardware Security Modules) functions, Key Management and Cryptography (specifically Thales Luna HSM)
• 5-7 years of experience integrating and working with RESTful APIs (Postman, Insomnia)
• Experience implementing security best practices per Oasis KMIP 2 standards (including NIST SP 800-57, PCI DSS, GDPR
• Experience managing and securing systems in Linux and Windows environments
• Experience with cryptographic interfaces and frameworks such as PKCS#11, JCE, .NET, MS CNG
Experience implementing monitoring and logging solutions (Splunk)

• Hands on experience working in containerized, cloud native environments including Kubernetes and OpenShift
• Understand and implement enterprise cryptography standards per industry. Specialize in crypto products like Thales CipherTrust Manager, Hardware Security Modules and Payshield 10x.
• • Database encryption with Microsoft SQL TDE, Oracle TDE with PKCS11 and KMIP compliant products.
• • Work closely with stakeholders to define crypto requirement for KMS and HSM needs.

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.