Senior Cryptographic Engineer (Banking & Payments Domain) at Endava

Bengaluru, karnataka, India -

Full Time

Start Date

Immediate

Expiry Date

23 Jun, 26

Salary

0.0

Posted On

25 Mar, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Cryptographic Key Management, HSMs, Cloud KMS, AWS CloudHSM, PCI PIN, PCI DSS, ISO 27001, FIPS 140-3, ANSI X9.24, Key Lifecycle Management, Thales, Entrust, Utimaco, SIEM Integration, Python, Ansible

Industry

IT Services and IT Consulting

Description

Job Description We are seeking a senior-level Cryptographic Engineer (5+ years experience) with extensive hands-on expertise in cryptographic key management within banking and PCI-regulated payment environments. This role is responsible for strengthening and modernizing enterprise cryptographic capabilities across on-premises HSMs, Cloud KMS platforms, and AWS CloudHSM environments. The candidate will lead the assessment, design, implementation, and governance of secure cryptographic systems aligned to global regulatory standards. Key responsibilities include: Designing and implementing secure-by-design key lifecycle management (generation, distribution, rotation, archival, destruction) Managing LMK/ZMK hierarchies and payment HSM environments in PCI PIN contexts Architecting and implementing hybrid cryptographic solutions across: Cloud KMS (AWS, Azure, GCP) AWS CloudHSM (mandatory) On-prem HSM platforms (Thales, Entrust, Utimaco) Assessing current KMS/HSM processes and identifying gaps against PCI PIN, PCI DSS, ISO 27001, NIST, FIPS 140-3, and ANSI X9.24 Translating complex cryptographic risks into clear business risk and remediation strategies Digitizing lifecycle evidence through tamper-evident/WORM logging, SIEM integration, and defining event taxonomy, alerting, runbooks, and dashboards Developing detailed Standard Operating Procedures (SOPs) for key ceremonies, incident response, and disaster recovery Leading cross-functional workshops and engaging with senior stakeholders, auditors, and regulators Qualifications 5-10 years of extensive hands-on experience in cryptographic key management Strong practical experience with enterprise HSM platforms in banking environments Proven experience in banking and payments domain, including PCI-regulated systems Deep knowledge of: PCI PIN & PCI DSS Core banking encryption frameworks LMK/payment HSM models Proven implementation experience in: At least one major cloud provider (AWS preferred) AWS CloudHSM (mandatory) On-prem enterprise HSM deployments Strong understanding of: TR-31, ANSI X9.24 KMIP, PKCS#11 FIPS 140-3 ISO/IEC 27001 cryptographic controls NIST SP 800-57 and related standards Experience in: Digitizing cryptographic evidence and integrating with SIEM platforms Designing and documenting SOPs and operational runbooks Strong scripting/automation capability (Python, Ansible, PowerShell, Terraform) Excellent communication, documentation, and stakeholder management skills Ability to distill complex cryptographic concepts into business impact Additional Information At Endava, we’re committed to creating an open, inclusive, and respectful environment where everyone feels safe, valued, and empowered to be their best. We welcome applications from people of all backgrounds, experiences, and perspectives—because we know that inclusive teams help us deliver smarter, more innovative solutions for our customers. Hiring decisions are based on merit, skills, qualifications, and potential. If you need adjustments or support during the recruitment process, please let us know.

Responsibilities

This role involves strengthening and modernizing enterprise cryptographic capabilities across on-premises HSMs, Cloud KMS platforms, and AWS CloudHSM environments. Key duties include designing and implementing secure key lifecycle management and managing LMK/ZMK hierarchies in PCI PIN contexts.