Jobs · Engineering · Texas

Senior Digital Assets Engineer

Fidelity Investments · Roanoke, TX · 1 wk ago
On-siteEngineeringFull-time

About the role

We are seeking a highly motivated cybersecurity engineer with a strong focus on key management, encryption technologies, and hardware-backed security solutions.

Responsibilities

  • Design, implement, and operate secure key lifecycle management systems and encryption controls across on-premises infrastructure and distributed cloud-native environments.
  • Work closely with cybersecurity, risk, and development teams to design, implement, and operate secure key lifecycle management systems and encryption controls.
  • Contribute to the design and operation of secure cryptographic infrastructure supporting Fidelity’s digital asset and blockchain platforms.
  • Build, integrate, and maintain enterprise key management and encryption solutions, leveraging AWS-native services, HSM-backed security controls, and cloud-native environments.
  • Implement secure containerized applications running in Kubernetes by implementing secrets management, encryption enforcement, workload identity and access control, and secure CI/CD pipelines.
  • Engineer and operate secure CI/CD pipelines to ensure trusted software delivery with integrated cryptographic controls.
  • Support secure containerized applications running in Kubernetes by implementing secrets management, encryption enforcement, workload identity and access control, and secure CI/CD pipelines.
  • Perform security engineering and operational support across distributed cloud environments, including on-call responsibilities, incident, change, and release management, monitoring, logging, and audit integration for cryptographic systems.
  • Evaluate and prototype emerging technologies in confidential computing, advanced encryption and key protection mechanisms, and secure communication channels within microservices architectures.
  • Design and implement end-to-end encryption strategies: data protection across APIs, services, and storage layers, secure communication channels within microservices architectures, and evaluate and prototype emerging technologies in confidential computing, advanced encryption, and key protection mechanisms.
  • Define and enforce security controls and policies across systems, containers, and network layers, including authentication, authorization, and access governance.

Requirements

  • Bachelor’s degree in Computer Science or a related technical discipline
  • 6+ years of experience in distributed systems engineering, security engineering, or platform operations
  • 2+ years of hands-on experience with Enterprise Key Management Systems (KMS), encryption technologies, secure API design and cryptographic service integration, and Hardware Security Modules (HSMs)
  • 1–2 years of experience working with cloud-native environments, including AWS (e.g., KMS, Nitro Enclaves, IAM, VPC security), Kubernetes (EKS), and containerized workloads
  • Strong understanding of cryptographic principles including symmetric/asymmetric encryption, key exchange, signing, and PKI concepts
  • Practical experience with containers & orchestration (Docker/Kubernetes), CI/CD pipelines (GitHub, Jenkins, Artifactory), Infrastructure as Code / automation scripting (Python, Bash, PowerShell, Ansible), secrets management, certificate lifecycle management, and secure workload identity
  • Familiarity with secrets management, certificate lifecycle management, and secure workload identity
  • Strong analytical and troubleshooting skills in complex distributed systems
  • Experience working in Agile environments within large enterprises

Qualifications

  • Hands-on experience with AWS-native services (KMS, IAM, Nitro-based isolation), HSM-backed security controls, and cloud-native environments
  • Experience with cloud-native environments, including AWS, Kubernetes, and containerized workloads
  • Strong understanding of cryptographic principles including symmetric/asymmetric encryption, key exchange, signing, and PKI concepts
  • Practical experience with containers & orchestration (Docker/Kubernetes), CI/CD pipelines (GitHub, Jenkins, Artifactory), Infrastructure as Code / automation scripting (Python, Bash, PowerShell, Ansible), secrets management, certificate lifecycle management, and secure workload identity
  • Familiarity with secrets management, certificate lifecycle management, and secure workload identity
  • Strong analytical and troubleshooting skills in complex distributed systems
  • Experience working in Agile environments within large enterprises

Skills

  • Enterprise Key Management Systems (KMS)
  • Cryptography
  • Hardware Security Modules (HSMs)
  • Cloud-Native Architectures
  • Kubernetes
  • Containerization
  • CI/CD Pipelines
  • Infrastructure as Code
  • Secrets Management
  • Certificate Lifecycle Management
  • Secure Workload Identity
  • Agile Methodologies

Benefits

  • Competitive compensation package
  • Flexible working hours
  • Professional development opportunities
  • Health and wellness programs

Pay

  • Competitive salary based on experience and qualifications

Schedule

  • Full-time, hybrid schedule (on-site and remote)

Similar jobs