Idemia - Software Architect

Responsibility :

- Architect, design, and implement scalable HSM components (firmware, middleware, APIs) to meet performance and security goals.

- Define and develop APIs for secure integration of IDEMIA HSM functionality into enterprise and cloud applications using protocols such as PKCS#11, OpenSSL, KMIP, JCA/JCE, CAPI/CNG, and proprietary interfaces.

- Implement and optimize cryptographic algorithms including AES, RSA, ECC, SHA, HMAC, digital signatures, and key exchange mechanisms.

- Lead root-cause analysis and resolution of complex HSM-related issues reported in production environments.

- Ensure security compliance with global standards and regulations including FIPS 140-3, PCI DSS, ISO 27001, GDPR, and NIST guidelines.

- Perform architectural risk assessments and security reviews to identify and remediate vulnerabilities in the HSM solution.

- Support internal and external security audits, providing clear documentation and technical justifications.

- Collaborate with cross-functional teams (security, DevOps, architecture, QA) to adopt secure coding practices and cryptographic best practices.

- Contribute to technical documentation, including design specifications, API references, compliance reports, and operational guides.

Qualifications And Skills :

- Bachelors or Masters degree in Computer Science, Software Engineering, Electrical Engineering, or a related field.

- Minimum 10 years of overall experience with at least 5 years of experience in HSM firmware, SDK or secure embedded systems, ideally in a production or industrial environment.

- Proficient in multiple programming languages: C, C++, C#, Java, Python; experience with Golang is a strong advantage.

- Expertise in cryptographic libraries and protocols: PKCS#11, OpenSSL, JCA/JCE, CAPI/CNG.

- Deep understanding of cryptographic algorithms and secure data transmission practices (e.g., TLS/HTTPS, firewalls, secure key exchange).

- Experience with Linux and Windows OS, networking protocols (HTTP, WebSockets, TCP/IP), and system-level debugging.

- Knowledge of secure software development lifecycles, penetration testing, and threat modeling.

- Demonstrated ability to lead technical decision-making, mentor engineers, and align development with long-term architectural vision.

- Strong verbal and written communication skills in English; capable of authoring high-quality technical documentation.