Halian - security architect
Luxembourg
Position overview
We are seeking a highly skilled and innovative Security Architect (KMS) to join our dynamic team. The successful candidate will be responsible for designing, implementing, and testing a secure KMS architecture integrated with Trusted Execution Environments (TEE) and hardware Security Modules (HSM), ensuring robust functionality and adherence to industry standards. This role requires a deep understanding of cryptographic principles, TEE platforms, HSM solutions, and network security protocols.
Key responsibilities
Define KMS functionality and design clean interactions with classical KMS functionality as part of the software architecture definition.
Design secure KMS architecture based on selected TEE platforms and HSM, including internal and external interfaces.
Design static and dynamic software architecture for specific KMS functionality running in TEE, addressing software-software and software-hardware interfaces.
Identify key specific KMS functionalities to be prototyped and executed within TEE.
Analyze standardized protocols for key management and KMS interaction, focusing on KMIP and PKCS, and select the most suitable protocol.
Analyze available TEE-enabling platforms, with a focus on AMD and ARM, and select the most appropriate for the application.
Analyze COTS Key Management and HSM solutions from leading European providers, selecting the HSM solution meeting requirements.
Implement TEE with selected key-specific KMS functionalities and test interfaces with selected HSM solution.
Derive a blueprint for formal specification of secure KMS design and properties, or an actual formal specification of a chosen subset of key functionality.
Analyze the implementation of Blockchain technology to facilitate traceable authenticated key negotiations and auditable key synchronization.
Produce implementation of prototype based on design, or formally verified implementation with mathematical guarantees.
Perform validation testing of selected key specific KMS functionalities implemented in TEE, focusing on interaction with HSM, and report findings.
Test implemented functionality in TEE and interaction with HSM in overall network setup to test interaction between secure KMS and terrestrial Quantum Key Distribution (QKD) infrastructure.
Qualifications
Bachelor's or Master's degree in Computer Science, Information Security, or related field.
Proven experience in designing and implementing secure architectures for cryptographic systems.
Expertise in Trusted Execution Environments (TEE), Hardware Security Modules (HSM), and network security protocols.
Strong understanding of cryptographic principles and key management best practices.
Familiarity with standardized protocols such as KMIP and PKCS.
Experience with Blockchain technology and its application in secure key negotiations.
Excellent problem-solving skills and attention to detail.
Effective communication and collaboration abilities.
Ability to work independently and within a team in a fast-paced environment.