Staff Security Engineer - Cryptography & Key Management

View full description

Requirements:

• A minimum of 8 years related experience with a Bachelor’s degree; or 5 years and a Master’s degree; or a PhD with 3 years’ experience.
• 5+ years of professional experience within data security including encryption, tokenization, PKI implementation and key management.
• 4+ years of in-depth experience working with payment and/or general-purpose HSMs, cloud KMSs.
• 4+ years of practical experience in encryption algorithms (e.g., AES, RSA), protocols (e.g., TLS/SSL), key management, secrets management.
• 3+ years with cloud computing architectures and Infrastructure as Code (e.g., Terraform).
• 2+ years working experience with security regulatory/compliance requirements including PCI, NIST and GDPR.
• 2+ years experience with data security, classification and posture management tooling.
• Strong collaboration and communication skills.
• Problem-solving skills to navigate complexity and security risks.

Responsibilities:

• Lead the development of enterprise-level data security architecture and strategies.
• Define encryption and secrets management standards, ensuring alignment with product development and enterprise needs.
• Collaborate closely with security, technology, and privacy teams to implement and maintain standards.
• Deploy, configure, and manage cloud-based Key Management Services (KMS) and Hardware Security Modules (HSMs).
• Participate in Proof of Concept (POC) testing for new cryptographic products and services.
• Serve as a key custodian, overseeing the full lifecycle of sensitive key material.
• Maintain and update data security tooling such as DSPM and DLP solutions.
• Ensure compliance with evolving security standards like PCI-DSS and FIPS.
• Provide operational support, including on-call rotation and documenting critical procedures.