As a Senior Cryptography Engineer, you’ll protect NewDay’s payment processing, customer data, and internal systems through robust, scalable cryptographic controls. You’ll design, build, and automate key management, certificate lifecycle, and HSM governance to reduce operational risk and enable secure developer self-service. This role directly supports business-critical platforms, ensuring strong security assurance across financial services at scale while helping shape NewDay’s long-term cryptographic strategy.
How you’ll contribute
Key lifecycle tooling: Build, implement, and manage tooling for key generation, distribution, backup, automated rotation, and secure deletion across hybrid cloud environments.
Certificate automation: Develop self-service certificate issuance workflows integrated with CI/CD pipelines, improving self-service coverage.
PKI tooling: Maintain certificate authority infrastructure, trust store management and validation processes.
Integration patterns: Build certificate provisioning patterns for containerised applications, API gateways and service meshes.
Algorithm governance: Support migration away from deprecated algorithms through automation and developer tooling.
Cloud KMS integration: Configure and maintain integrations with Cloud KMS services.
HSM administration: Support hardware security module operations, backup procedures, key management, and disaster recovery.
Infrastructure as code: Implement cryptographic infrastructure using Terraform, CloudFormation and configuration management.
Continuous improvement: Contribute to improving ways of working in the team.
We're looking for these essential skills
Cryptographic depth: 3+ years implementing cryptographic systems; deep understanding of symmetric/asymmetric encryption, digital signatures, key derivation, PKI concepts.
Key management platforms: Hands-on experience of cloud KMS services (e.g. Azure Key Vault, AWS KMS) and/or HSM platforms (e.g. Thales, Entrust, Azure CloudHSM).
Certificate management: Practical experience with certificate authorities, X.509 certificates, TLS/SSL configuration and automated certificate lifecycle management (e.g. AppViewX/Venafi).
Good understanding of security and compliance frameworks and standards for cryptography, e.g. PCI-DSS, PCI-PIN, PCI-CPP, NIST, FIPS.
It’s a plus if you also have these skills
Infrastructure automation: Experience with IaC (Terraform, CloudFormation, Pulumi), configuration management, and CI/CD pipelines (GitHub Actions).
Programming proficiency: Strong development skills in one or more of: Python, Go, Java, C#; ability to write production-quality automation scripts and tools.
Developer enablement: Experience building internal tools, libraries and documentation for engineering teams.
Legacy migration: Experience modernising cryptographic systems, algorithm migration and technical debt remediation.
At NewDay, we value all types of diversity. We’re an equal opportunity employer and believe that our differences create a vibrant, authentic working culture. We want all our colleagues to feel able to bring their whole selves to work. We don’t discriminate on the basis of protected characteristics or identities. We make sure that every job is crafted to be inclusive and that people with disabilities or caring responsibilities can take part in the application and interview process.
Tell us if you need accommodations: We’ll put reasonable adjustments in place to support you.
We work with Textio to make our job design and hiring inclusive.
Permanent
NewDay London, England Office
7 Handyside Street, London, United Kingdom, N1C 4DA


