Hardware Security Modules-Remote
Position Summary:
We are seeking a highly skilled and motivated HSM (hardware security module) Engineer to join our Cybersecurity Engineering team. This role will support the implementation, management, and operational oversight of Hardware Security Modules (HSMs) and related cryptographic systems. The ideal candidate will have extensive experience working with data encryption technologies, secure key management, and enterprise-scale infrastructure.
The engineer will also support secure room operations, including physical device handling, inventory control, and chain-of-custody protocols. This is a hands-on, onsite role located in Pensacola, FL, requiring physical presence for secure room access and compliance activities.
Primary Responsibilities:
Research, evaluate, design, implement, and maintain HSM-based security solutions
Support secure room operations, including device handling, physical access control, and chain-of-custody management
Implement encryption solutions for data at rest and in transit, including TDE for databases (Oracle, SQL Server, etc.)
Administer and maintain Hardware Security Modules (Futurex, Thales, Entrust, etc.)
Develop and document processes for HSM lifecycle management, key ceremonies, and system hardening
Support cryptographic key management systems (KMS) and key lifecycle practices
Respond to incidents, perform troubleshooting, and contribute to secure operational uptime
Maintain strong documentation, inventory control records, and asset tracking within the secure environment
Collaborate with cross-functional teams to stand up new security solutions and ensure alignment with compliance standards
Develop and maintain technical diagrams, SOPs, and procedural documentation
Monitor systems and implement alerting mechanisms for operational awareness
Participate in audits, access reviews, and operational process assessments
Required Qualifications:
5+ years of experience in cybersecurity, system engineering, or HSM management
Strong experience with encryption solutions (data at rest/in transit, TDE, TLS, etc.)
Experience with HSMs and cryptographic infrastructure in large enterprise environments
Solid understanding of encryption, key management, and cryptographic ciphers
Hands-on experience with Windows and Unix/Linux operating systems
Familiarity with virtualized environments and server management
Experience supporting daily operations in a highly secure, regulated environment
Working knowledge of ServiceNow, Microsoft Office, and Excel (complex formulas and charting)
Experience with physical security tools, including safes, access control systems, and video surveillance
Experience with chain of custody protocols and physical asset control
Strong procedural writing skills and experience with process documentation
Conceptual understanding of network architecture, firewalls, and subnets
Preferred Qualifications:
CISSP or other cybersecurity certification (preferred, not required)
Experience with Key Management Systems (KMS) and key lifecycle platforms
Familiarity with tools like Venafi, CipherTrust, or CodeSign Protect
Knowledge of integrity monitoring, alerting, and operational security tooling
Background in supporting regulated environments (e.g., PCI DSS, NIST, FFIEC)
Please use the skills matrix below with your candidate's professional years of experience:
Overall professional experience
Cybersecurity, system engineering, or HSM management
Encryption solutions (data at rest/in transit, TDE, TLS, etc.)
HSMs and cryptographic infrastructure in large enterprise environments
Encryption, key management, and cryptographic ciphers
Windows and Unix/Linux operating systems
Virtualized environments and server management
Supporting daily operations in a highly secure, regulated environment
ServiceNow, Microsoft Office, and Excel (complex formulas and charting)
Physical security tools, including safes, access control systems, and video surveillance
Chain of custody protocols and physical asset control
Procedural writing skills and experience with process documentation
Network architecture, firewalls, and subnets
Is your candidate CISSP certified?
Hold any other cybersecurity certs?
Where does your candidate currently live?
Any issues working onsite 100% in Pensacola, FL?
What is your candidate's status (USC, GC, H1)?
Candidates must be able to work inside a secure room environment and adhere to physical access policies any issues?
Please include your candidate's LinkedIn profile.
As always, please remember resumes are NO LONGER than 5 pages and the candidates experience must start on page 1. Candidate's full legal name, email address, contact number, and LinkedIn profile must be on page 1.