Senior Digital Assets Engineer
Fidelity Investments · Roanoke, TX · 1 wk ago
On-siteEngineeringFull-time
About the role
We are seeking a highly motivated cybersecurity engineer with a strong focus on key management, encryption technologies, and hardware-backed security solutions.
Responsibilities
- Design, implement, and operate secure key lifecycle management systems and encryption controls across on-premises infrastructure and distributed cloud-native environments.
- Work closely with cybersecurity, risk, and development teams to design, implement, and operate secure key lifecycle management systems and encryption controls.
- Contribute to the design and operation of secure cryptographic infrastructure supporting Fidelity’s digital asset and blockchain platforms.
- Build, integrate, and maintain enterprise key management and encryption solutions, leveraging AWS-native services, HSM-backed security controls, and cloud-native environments.
- Implement secure containerized applications running in Kubernetes by implementing secrets management, encryption enforcement, workload identity and access control, and secure CI/CD pipelines.
- Engineer and operate secure CI/CD pipelines to ensure trusted software delivery with integrated cryptographic controls.
- Support secure containerized applications running in Kubernetes by implementing secrets management, encryption enforcement, workload identity and access control, and secure CI/CD pipelines.
- Perform security engineering and operational support across distributed cloud environments, including on-call responsibilities, incident, change, and release management, monitoring, logging, and audit integration for cryptographic systems.
- Evaluate and prototype emerging technologies in confidential computing, advanced encryption and key protection mechanisms, and secure communication channels within microservices architectures.
- Design and implement end-to-end encryption strategies: data protection across APIs, services, and storage layers, secure communication channels within microservices architectures, and evaluate and prototype emerging technologies in confidential computing, advanced encryption, and key protection mechanisms.
- Define and enforce security controls and policies across systems, containers, and network layers, including authentication, authorization, and access governance.
Requirements
- Bachelor’s degree in Computer Science or a related technical discipline
- 6+ years of experience in distributed systems engineering, security engineering, or platform operations
- 2+ years of hands-on experience with Enterprise Key Management Systems (KMS), encryption technologies, secure API design and cryptographic service integration, and Hardware Security Modules (HSMs)
- 1–2 years of experience working with cloud-native environments, including AWS (e.g., KMS, Nitro Enclaves, IAM, VPC security), Kubernetes (EKS), and containerized workloads
- Strong understanding of cryptographic principles including symmetric/asymmetric encryption, key exchange, signing, and PKI concepts
- Practical experience with containers & orchestration (Docker/Kubernetes), CI/CD pipelines (GitHub, Jenkins, Artifactory), Infrastructure as Code / automation scripting (Python, Bash, PowerShell, Ansible), secrets management, certificate lifecycle management, and secure workload identity
- Familiarity with secrets management, certificate lifecycle management, and secure workload identity
- Strong analytical and troubleshooting skills in complex distributed systems
- Experience working in Agile environments within large enterprises
Qualifications
- Hands-on experience with AWS-native services (KMS, IAM, Nitro-based isolation), HSM-backed security controls, and cloud-native environments
- Experience with cloud-native environments, including AWS, Kubernetes, and containerized workloads
- Strong understanding of cryptographic principles including symmetric/asymmetric encryption, key exchange, signing, and PKI concepts
- Practical experience with containers & orchestration (Docker/Kubernetes), CI/CD pipelines (GitHub, Jenkins, Artifactory), Infrastructure as Code / automation scripting (Python, Bash, PowerShell, Ansible), secrets management, certificate lifecycle management, and secure workload identity
- Familiarity with secrets management, certificate lifecycle management, and secure workload identity
- Strong analytical and troubleshooting skills in complex distributed systems
- Experience working in Agile environments within large enterprises
Skills
- Enterprise Key Management Systems (KMS)
- Cryptography
- Hardware Security Modules (HSMs)
- Cloud-Native Architectures
- Kubernetes
- Containerization
- CI/CD Pipelines
- Infrastructure as Code
- Secrets Management
- Certificate Lifecycle Management
- Secure Workload Identity
- Agile Methodologies
Benefits
- Competitive compensation package
- Flexible working hours
- Professional development opportunities
- Health and wellness programs
Pay
- Competitive salary based on experience and qualifications
Schedule
- Full-time, hybrid schedule (on-site and remote)