Senior Information Technology Security Consultant

Job Description – Data Infrastructure Security EngineerPosition Title: Data Infrastructure Security EngineerFocus Area: Encryption, Key Management & Secure Data HandlingType: Full-timeRole OverviewThe Data Infrastructure Protection Engineer will be responsible for designing, implementing, and maintaining enterprise-grade cryptographic security controls across the organization’s data infrastructure. The role focuses on ensuring secure data handling, robust key-management practices, and advanced protection of sensitive information using PKI, HSM, CLM, and emerging quantum-safe technologies.The engineer will work closely with security, infrastructure, and application teams to enforce strong cryptographic standards and support secure digital identity management across platforms.Key Responsibilities1. Cryptographic Infrastructure Management - UtimacoDeploy, manage, and optimize Public Key Infrastructure (PKI) solutions using Nokia technologies.Support digital signature services, certificate management, and trust-store maintenance.Oversee Certificate Lifecycle Management (CLM) processes including issuance, renewal, and revocation using Nokia CLM platforms.2. Encryption & Key ManagementIntegrate and manage Hardware Security Modules (HSMs)—primarily Utimaco—for secure key generation, storage, and cryptographic operations.Develop and enforce enterprise key-management procedures aligned with security policies and compliance standards.Ensure strong encryption for data-at-rest, data-in-transit, and secure application-level cryptographic operations.3. Quantum-Safe Security EnablementEvaluate and implement Quantum Key Distribution (QKD) technologies for secure communication channels.Support the transition towards quantum-resistant cryptographic algorithms and hybrid security models.Collaborate with specialized vendors for deployment of QKD infrastructure.4. Secure Data HandlingEstablish and maintain standards for secure data processing, classification, and storage.Integrate cryptographic controls with data-protection tools, applications, and platforms.Work with DevOps / Cloud teams to embed encryption and certificates into CI/CD pipelines.5. Compliance, Monitoring & Incident ResponseEnsure adherence to internal security policies, regulatory frameworks, and industry best practices.Monitor cryptographic system performance, certificate expiry, and key-usage patterns.Investigate cryptographic or certificate-related incidents and perform root-cause analysis.Required Skills & ExperienceTechnical ExpertiseStrong hands-on experience with PKI technologies, certificate services, and digital signature platforms — preferably Nokia PKI solutions.Practical knowledge of HSMs (Utimaco - MUST HAVE) including key storage, crypto operations, and administration.Experience with Certificate Lifecycle Management (CLM) platforms (Nokia CLM ideal).Understanding of Quantum Key Distribution (QKD) principles and quantum-safe cryptography.Proficiency in encryption standards (AES, RSA, ECC), TLS, secure protocols, and cryptographic APIs.Additional SkillsExperience with automation for certificate deployment (e.g., Ansible, Python, Shell).Strong troubleshooting and analytical skills.Knowledge of compliance frameworks (ISO 27001, NIST SP 800-57, GDPR, PCI DSS).Education & CertificationsBachelor’s or Master’s in Computer Science, Information Security, or related field.Certifications preferred: CISSP, CISM, CEH, CCSPVendor-specific: HSM or PKI certifications are a plus.Soft SkillsStrong communication and documentation abilities.Ability to collaborate with cross-functional teams.Proactive, detail-oriented, and security-focused mindset.