Senior Encryption Engineer

*Title: Senior Encryption Engineer (Remote)*

*Location: Remote*

*Duration: 12 months contract to hire*

*A detailed description of the position will be shared once we get your application*

*Senior Encryption Engineer (Remote)*

*Brief Overview of Position*

The Senior Encryption Engineer leads the first line of defense Information Security services around data protection security and related matters. They review, design and develop security operational processes, standards, and procedures utilizing current and new technologies to improve security controls and business performance. The Senior Tokenization Engineer will coordinate with internal teams to implement data security solutions and improve security that is aligned with corporate business objectives and regulatory requirements.

*Responsibilities*
* *Subject Matter Expertise – *
* Led the design, implementation, and maintenance of enterprise data Pseudonymization using tokenization and/or data encryption solutions to business areas, project teams and vendors to apply and execute appropriate use of technology solutions and lead efforts to examine technology vision, opportunities, and challenges with regard to security standards and the impact of the technology. Create a technical detailed implementation plan for the desired state
* *Security Trends & Educating – *
* Evaluate and understand the current state of enterprise Tokenization/encryption capabilities/services.
* Categorizing Apps based on business criticality and grouping Apps based on their nature (DB servers, App servers, API applicable, etc …..)
* Learning about external facing applications and how data files are being handled when engaging third-party
* Provide training to App teams about the new solution and how it could be leveraged to improve the overall security posture
* Participate in organization-wide meetings to present the solution for awareness and to gather feedback about areas of enhancement
* Creating and owning a self-service model to empower application teams to properly onboard to data tokenization solution
* Finding and engaging the contact person/team for each Application and help App teams reading vendor’s documentation regarding deployment and performance
* Monitors and anticipates trends and investigates organizational objectives and needs
* *Reporting –*
* Create and maintain operational documentation and reports to support monthly trend analysis as well as project components
* Create run books for solution implementation, configuration and other performance tweaks as per the vendor’s recommendation
* *Business As Usual –*
* Assist application teams with configuration, testing/validating data tokenization functionality, and troubleshoot data tokenization issues through logs and perform daily health checks for the data tokenization solution platform.
* Responsible for the day-to-day management and oversight on all on-prem and cloud key management platforms to preserve separation of duty with teams leveraging keys and certificates.
* Partnering with App teams to understand app data flow, core upstream Apps, and ingestion points
* Liaison between internal App teams and the vendor to submit and follow up on outstanding tickets and feature enhancements
* *Vendor/Tool Selection – *
* Leads the research, evaluation, proof-of-concept, selection, and implementation of technology solutions. Provides detailed analysis of pros and cons and build vs buy options.
* *Process Improvement – *
* Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and value delivered to customers. Perform gap analysis between the current state and desired state of enterprise encryption program/services and document findings
* *Incident Response – *
* Involved in security incident response activities and post-event reviews of security incidents.

The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. May assign reasonably related additional duties to individual employees consistent with standard departmental policy.

*Qualifications*
* 5+ years of hands-on experience is required; must have implemented and managed Data Tokenization, Data Encryption, Key Management systems, Data Masking, HSMs and other cryptographic technology platforms. Must possess strong technical knowledge of cryptographic platform architecture, system policies and rules
* Experience with Data Pseudonymization using Tokenization platforms (Voltage, SecuPi, Protegrity, Thales, etc..)
* Familiarity with Test Data Management (TDM) solutions such as, Delphix, voltage, etc ..
* Hands-on experience with GCP preferably and/or AWS and Azure cloud services
* Experience with data lake platforms (BigQuery, SnowFlake, Databricks, etc…)
* Experience with ETL platforms (Informatica) and legacy applications (DB2)
* Experience with Relational DBs (Oracle, SQLServer, MySQL) and NoSQL (MongoDB)
* Understanding of concepts involving Hardware Security Modules (HSM), Enterprise Key Management, applying Encryption at various levels of granularity
* Ability to understand requirements and problem-sets and design solutions to address their data tokenization and encryption needs from designing to implementing
* Experience with multiple CA (certificate authority) vendors and platforms
* Experience with installing and configuring certificates in multiple application types
* Familiarity with Cloud HSM, Certificate Manager, Key Management Solution (KMS), Private Certificate Authority, Azure Electronic Key Management (EKM) Microsoft two or three-tier PKI, managed PKI services
* Experience with multiple cryptographic algorithms and cipher suites as well as up-to-date on deprecated algorithms for decommissioning.
* Strong verbal and written communication skills; must be able to effectively communicate technical details and thoughts in non-technical/general terminology to various levels of the organization.
* Knowledge of Data Security best practices and security solutions
* Knowledge in a cloud-based environment (Azure, AWS, GCP)
* Knowledge of common technologies, enterprise and network architecture
* Understanding of:
* Modern security tools and controls
* Programming languages or other scripting languages
* Financial industry regulations such as GLBA, PCI, and SOX
* Knowledge of or demonstrated experience with defense in depth, trust levels, privileges and permissions

*Preferences*
* Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience.
* Base Technology or Security certification (CISSP, CompTIA Security+, CCENT, CCNA, MCSA, etc)
* Cloud Vendor certificates (GCP, AWS, Azure)

Job Type: Contract

Benefits:
* Dental insurance
* Health insurance
* Life insurance
* Referral program
Schedule:
* Monday to Friday



Application Question(s):
* Do you have experience in a cloud-based environment (Azure, AWS, GCP)?
* Do you have experience in PKI, HSM, Key Management systems, Data Masking?
* How many years of experience in Data Protection?
* How many years of experience in Encryption/Cryptography?


Work Location: Remote

Tags