Cryptography Engineer, Vice President
State Street · Quincy, MA · 6 days ago
Engineering$120k–$203k/yrFull-time
What You Will Be Responsible For
- Design, implement, and operate enterprise PKI platforms, Certificate Authorities (CAs), and trust services.
- Manage the lifecycle of digital certificates including issuance, renewal, revocation, monitoring, and discovery.
- Led the engineering and adoption of certificate automation technologies including ACME, EST, SCEP, and API-based integrations.
- Design and maintain enterprise key management solutions and cryptographic controls supporting applications, infrastructure, cloud platforms, and machine identities.
- Partner with application and infrastructure teams to onboard systems to enterprise PKI and certificate management services.
- Engineer secure solutions for code signing, SSH certificates, workload identities, and machine-to-machine authentication.
- Drive migration from legacy and unmanaged certificates to enterprise-standard certificate management platforms.
- Develop automation solutions that improve operational efficiency, scalability, and compliance.
- Support cloud cryptography integrations with Azure, AWS, and other strategic technology platforms.
- Participate in security architecture reviews to ensure cryptographic controls meet corporate standards and industry best practices.
- Monitor cryptographic risks, identify control gaps, and implement remediation plans.
- Support audit, compliance, regulatory, and risk management activities related to cryptography and PKI.
- Produce operational metrics, risk indicators, and reporting for senior management and governance forums.
- Contribute to the firm's post-quantum cryptography (PQC) strategy and cryptographic agility initiatives.
What We Value
- Deep understanding of Public Key Infrastructure (PKI) and X.509 certificate technologies.
- Strong knowledge of cryptographic algorithms, protocols, and security architectures.
- Experience managing enterprise Certificate Authorities and certificate lifecycle platforms.
- Experience with certificate automation technologies and machine identity management.
- Knowledge of Hardware Security Modules (HSMs), key management systems, and cryptographic controls.
- Experience supporting cloud-native security services within Azure and AWS environments.
- Experience integrating security controls into DevOps and CI/CD pipelines.
- Strong understanding of authentication, identity, and access management concepts.
- Knowledge of regulatory and industry standards including NIST, PCI-DSS, FFIEC, and related security frameworks.
- Strong troubleshooting, analytical, and problem-solving skills.
- Able to communicate effectively with technical and executive stakeholders.