Data Security Engineer
Location: Qatar Onside
Experience Required: 57 Years
Duration 1yr (Renewable)
Banking Experience Mandatory
Availability: Immediate Joiner Preferred
Position Overview:
We are looking for a highly skilled Data Security Engineer with deep technical expertise in
Utimaco Hardware Security Modules (HSM) or similar kind other vendor Key Management
Systems (KMS) Payment Security and Public Key Infrastructure (PKI). The ideal candidate
will bring at least 57 years of handson experience in securing critical data systems with a
specific focus on the banking and financial services sectors. This role requires someone with
a strong cryptographic background and have solid cyber security foundation and a proven
track record in deploying managing and optimizing security solutions for sensitive data.
Key Responsibilities:
HSM Integration & Management: Design deploy configure and maintain Utimaco HSMs
for cryptographic key storage and processing. Ensure secure generation storage and
usage of cryptographic keys in line with banking compliance frameworks.
Key Management Systems (KMS): Architect and operationalize Key Management
Systems to support key lifecycle management including key generation distribution
rotation and destruction. Implement enterprisegrade encryption practices with
emphasis on security performance and compliance.
Payment Security Implementation: Secure the endtoend lifecycle of payment
transactions through encryption tokenization and key management protocols. Develop
and enforce standards compliant with PCI DSS EMV and ISO 20022. Engage in securing
realtime payments SWIFT transactions and digital banking services.
PKI Deployment & Administration: Oversee Public Key Infrastructure (PKI) including
the design and management of certificate authorities (CA) subordinate CAs and
registration authorities (RA). Administer certificate lifecycles certificate revocation lists
(CRLs) and secure digital certificate distribution.
Banking Data Encryption: Implement encryption strategies for sensitive banking data
both at rest and in transit ensuring compliance with local and international financial
regulatory frameworks including GDPR FFIEC and Basel III. Utilize encryption
algorithms such as AES RSA and ECC for optimal data protection.
Security Hardening: Perform ongoing system hardening security audits and risk
assessments across HSMs KMS PKI and payment security infrastructure. Identify and
mitigate vulnerabilities ensuring that all cryptographic systems are resilient to attacks.
Compliance & Risk Management: Ensure that all cryptographic operations adhere to
industry and banking standards such as ISO 27001 PCI DSS NIST SP 80057 FIPS 140
2 and eIDAS. Collaborate with internal audit teams to align practices with risk
management and data protection policies.
Incident Response & Monitoring: Provide expertlevel support during security incidents
related to cryptographic systems. Deploy proactive monitoring and logging to detect
anomalies or breaches in data encryption systems.
Performance Optimization: Finetune the performance of cryptographic hardware and
software systems to meet the high transaction volumes typical of banking
environments. Ensure minimal latency and robust throughput in key management and
cryptographic processing.
Technical Requirements:
HSM Expertise: Proficiency with Utimaco HSM platforms including CryptoServer Se
CSeSeries and CSeCSeries with a focus on configuring key hierarchies secure key
injection and partitioning for multiple security domains.
KMS Proficiency: Indepth knowledge of enterprise KMS systems such as Gemalto
SafeNet Thales CipherTrust or AWS KMS including handling complex key hierarchies
and ensuring keys are securely distributed and used across the enterprise.
Payment Security Protocols: Expertise in securing payment systems following PCI HSM
EMV 3D Secure SWIFT standards with direct experience in designing secure payment
channels and using Hardware Security Modules to safeguard cryptographic keys used
in payment authorization and tokenization systems.
Cryptographic Algorithms: Strong foundational knowledge of cryptographic algorithms
including AES RSA ECC SHA2 SHA3 HMAC and practical experience with both
symmetric and asymmetric encryption methodologies.
PKI and Certificate Management: Extensive experience with PKI infrastructures
managing X.509 certificates and familiarity with OCSP SCEP and LDAP for certificate
validation and revocation.
Qualifications and Experience:
Education: Bachelors or Masters degree in Computer Science Information Security or
related field.
Experience: Minimum of 57 years of focused experience in HSM KMS PKI and
Payment Security solutions particularly in highcompliance highsecurity
environments such as banking financial services or payment processing.
Industry Certifications: Certifications such as CISSP CISM CCSP PCI DSS QSA or
specialized certifications in HSM and KMS technologies (e.g. Utimaco Certified HSM
Specialist) are highly preferred.
Banking Industry Experience: Strong background in securing banking and financial
transaction environments with a thorough understanding of regulatory requirements
such as PCI DSS PSD2 SWIFT CSP and Basel III.
Personal Attributes:
Availability: Must be available for immediate onboarding or with minimal notice period.
Analytical Mindset: Capable of evaluating complex cryptographic architectures and
identifying gaps and improvement areas in securing data workflows.
Team Collaboration: Proven ability to work in crossfunctional teams including IT
infrastructure compliance and application development teams to ensure
comprehensive data security strategies
certificate management,incident response,key management,risk management,encryption,pki,kms,management,payment security,key management systems,cryptography,cryptographic algorithms,security hardening,public key infrastructure,compliance standards,infrastructure,public key infrastructure (pki),hsm integration,hsm,key management systems (kms),pki infrastructures,data,data encryption,compliance,performance optimization,compliance & risk management,utimaco hsm,security
Data Security Engineer HSM PKI
