State Street is seeking a skilled and experienced Security Engineer with expertise in cryptographic key management.  The security engineer will collaborate with lead engineers and architects to develop, implement and maintain key management solutions. The Security Engineer will integrate various key management systems and HSMs within a complex collection of enterprise applications, scaffolding, public and private cloud environments, and DevOPS workflows.  The security engineer will design and implementing cryptographic automation and integrated solutions across the enterprise.

Responsibilities will include:

Architecting solutions for CMS and KMS to align with encryption strategiesDeveloping and evolving a NIST compliant framework for KMS, CMS across the enterprise.Developing and maintaining system orchestration to automate day to day processes for both certificate and key management.Developing and maintaining ad-hoc and automated data reporting using vendor tooling or custom processing appropriate to monitor KPI success and overall health.Evolving the framework for system monitoring as related to critical security alerts and notifications.Developing automation approaches to solve KMS, CMS lifecycle challengesAnalyzing legacy KMS, CMS solutions for security gaps and developing new capabilities to remediate and mitigateProviding guidance for scoping complex, cross-organizational projects as neededDeveloping standard workflows to enable seamless integration across tech stacksPartnering with engineering teams to design and evaluate KMS, CMS strategiesDeveloping and deploying secure solutions to ensure that Digital Credential Services are performing according to specifications, continue to meet defined procedures, and comply with applicable information security policies and requirements. Integrate applications and third-party products into internal KMS, CMS servicesCreating and maintaining documentation for technical and administrative functions

 

Skills/Knowledge Desired:

Certificate Authority AdministrationCertificate Enrollment Web Service & Policy Web ServiceActive Directory Certificate Services (ADCS) monitoring. Familiarity with encryption best practices for data-in-motion  Familiarity with encryption best practices for data-at-rest  Expertise in Public Key Infrastructure (PKI) machine identity technologies such as SSH, SSL, TLS.Experience with workflow and API developmentExperience with Restful APIs JSON XMLAbility to perform light programming tasks using common programming and scripting languagesExperience with K8s, CICD, Terraform preferred
 

Experience Desired

5-7 years of experience working with KMS, CMS architecture5-7 years of System Administration of Windows, Unix/ Linux5-7 years of experience in infrastructure (security/systems/network) engineering and/or  developmentExperience developing executive-level reporting and communicationsExperience working in large complex environments (financial services a plus)

Salary Range:

$130,000 - $205,000 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

State Street's Speak Up Line