State Street is seeking a skilled and experienced Security Engineer with expertise in cryptographic key management. The security engineer will collaborate with lead engineers and architects to develop, implement and maintain key management solutions. The Security Engineer will integrate various key management systems and HSMs within a complex collection of enterprise applications, scaffolding, public and private cloud environments, and DevOPS workflows. The security engineer will design and implementing cryptographic automation and integrated solutions across the enterprise.

Responsibilities will include:

• Leading a team of CMS and KMS professionals to define and deliver on encryption strategies
• Developing and evolving a NIST compliant framework for KMS, CMS across the enterprise.
• Developing and maintaining system orchestration to automate day to day processes for both certificate and key management.
• Developing and maintaining ad-hoc and automated data reporting using vendor tooling or custom processing appropriate to monitor KPI success and overall health.
• Evolving the framework for system monitoring as related to critical security alerts and notifications.
• Developing automation approaches to solve KMS, CMS lifecycle challenges
• Analyzing legacy KMS, CMS solutions for security gaps and developing new capabilities to remediate and mitigate
• Providing guidance for scoping complex, cross-organizational projects as needed
• Developing standard workflows to enable seamless integration across tech stacks
• Partnering with architecture teams to design and evaluate KMS, CMS strategies
• Developing and deploying secure solutions to ensure that Digital Credential Services are performing according to specifications, continue to meet defined procedures, and comply with applicable information security policies and requirements.
• Integrate applications and third-party products into internal KMS, CMS services
• Creating and maintaining documentation for technical and administrative functions

Skills/Knowledge Desired:

• Certificate Authority Administration
• Certificate Enrollment Web Service & Policy Web Service
• Active Directory Certificate Services (ADCS) monitoring.
• Familiarity with encryption best practices for data-in-motion
• Familiarity with encryption best practices for data-at-rest
• Expertise in Public Key Infrastructure (PKI) machine identity technologies such as SSH, SSL, TLS.
• Experience with workflow and API development
• Experience with Restful APIs JSON XML
• Ability to perform light programming tasks using common programming and scripting languages
• Experience with K8s, CICD, Terraform preferred
  

Experience Desired

• 5-7 years of experience working with KMS, CMS architecture
• 5-7 years of System Administration of Windows, Unix/ Linux
• 5-7 years of experience in infrastructure (security/systems/network) engineering and/or development
• Experience developing executive-level reporting and communications
• Experience working in large complex environments (financial services a plus)

Salary Range:

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

State Street's Speak Up Line