Senior Cryptographic Engineer (Banking & Payments Domain)

endava· Client Delivery
Apply Now ↗

About this role

Company Description

Job Description

We are seeking a senior-level Cryptographic Engineer (5+ years experience) with extensive hands-on expertise in cryptographic key management within banking and PCI-regulated payment environments.

This role is responsible for strengthening and modernizing enterprise cryptographic capabilities across on-premises HSMs, Cloud KMS platforms, and AWS CloudHSM environments. The candidate will lead the assessment, design, implementation, and governance of secure cryptographic systems aligned to global regulatory standards.

Key responsibilities include:

  • Designing and implementing secure-by-design key lifecycle management (generation, distribution, rotation, archival, destruction)
  • Managing LMK/ZMK hierarchies and payment HSM environments in PCI PIN contexts
  • Architecting and implementing hybrid cryptographic solutions across:
    • Cloud KMS (AWS, Azure, GCP)
    • AWS CloudHSM (mandatory)
    • On-prem HSM platforms (Thales, Entrust, Utimaco)
  • Assessing current KMS/HSM processes and identifying gaps against PCI PIN, PCI DSS, ISO 27001, NIST, FIPS 140-3, and ANSI X9.24
  • Translating complex cryptographic risks into clear business risk and remediation strategies
  • Digitizing lifecycle evidence through tamper-evident/WORM logging, SIEM integration, and defining event taxonomy, alerting, runbooks, and dashboards
  • Developing detailed Standard Operating Procedures (SOPs) for key ceremonies, incident response, and disaster recovery
  • Leading cross-functional workshops and engaging with senior stakeholders, auditors, and regulators

Qualifications

  • 5-10 years of extensive hands-on experience in cryptographic key management
  • Strong practical experience with enterprise HSM platforms in banking environments
  • Proven experience in banking and payments domain, including PCI-regulated systems
  • Deep knowledge of:
    • PCI PIN & PCI DSS
    • Core banking encryption frameworks
    • LMK/payment HSM models
  • Proven implementation experience in:
    • At least one major cloud provider (AWS preferred)
    • AWS CloudHSM (mandatory)
    • On-prem enterprise HSM deployments
  • Strong understanding of:
    • TR-31, ANSI X9.24
    • KMIP, PKCS#11
    • FIPS 140-3
    • ISO/IEC 27001 cryptographic controls
    • NIST SP 800-57 and related standards
  • Experience in:
    • Digitizing cryptographic evidence and integrating with SIEM platforms
    • Designing and documenting SOPs and operational runbooks
  • Strong scripting/automation capability (Python, Ansible, PowerShell, Terraform)
  • Excellent communication, documentation, and stakeholder management skills
  • Ability to distill complex cryptographic concepts into business impact

Additional Information

At Endava, we’re committed to creating an open, inclusive, and respectful environment where everyone feels safe, valued, and empowered to be their best. We welcome applications from people of all backgrounds, experiences, and perspectives—because we know that inclusive teams help us deliver smarter, more innovative solutions for our customers. Hiring decisions are based on merit, skills, qualifications, and potential. If you need adjustments or support during the recruitment process, please let us know.

Frequently Asked Questions

Is the salary disclosed for the Senior Cryptographic Engineer (Banking & Payments Domain) position at endava?
The salary for this Senior Cryptographic Engineer (Banking & Payments Domain) role at endava is not publicly listed. Click "Apply Now" to learn more about the compensation package on their official careers page.
Where is the Senior Cryptographic Engineer (Banking & Payments Domain) position at endava located?
This Senior Cryptographic Engineer (Banking & Payments Domain) role at endava is based in Bengaluru, Bengaluru, Karnataka, India, Karnataka, in. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.
Is the Senior Cryptographic Engineer (Banking & Payments Domain) role at endava full-time or part-time?
This is listed as a Full time position. It is posted as a Senior Cryptographic Engineer (Banking & Payments Domain) role in the Client Delivery department at endava.
Which team or department does the Senior Cryptographic Engineer (Banking & Payments Domain) at endava belong to?
This Senior Cryptographic Engineer (Banking & Payments Domain) position is part of the Client Delivery department at endava. See the full job description for more information about the team structure and responsibilities.
How do I apply for the Senior Cryptographic Engineer (Banking & Payments Domain) position at endava?
Click the "Apply Now" button on this page. You will be redirected to endava's official application portal hosted on smartrecruiters where you can submit your application directly.
When was the Senior Cryptographic Engineer (Banking & Payments Domain) job at endava posted?
This Senior Cryptographic Engineer (Banking & Payments Domain) position at endava was posted on Mar 25, 2026. Apply as soon as possible — early applications are often reviewed first.
Senior Cryptographic Engineer (Banking & Payments Domain)
endava
Apply for this role ↗

You'll be redirected to endava's official application page on SmartRecruiters.