Data Security Encryption

at  US Bank National Association

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

JOB DESCRIPTION

The Data Security Encryption Engineer is a critical role within the Data Security and Insider Threat Cloud Transformations team, focused on identifying and protecting sensitive bank information from threats and misuse. The position will perform as a lead subject matter expert (SME) for data protection technologies, including the oversight and improvement of solution health, performance, stability, and ongoing support. Additional responsibilities include creating reports, writing documentation, implementing organizational policies, and ensuring implemented solutions meet the security requirements for supported projects and initiatives.

The role offers a hybrid/flexible schedule, which means there’s an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days at one of the following locations:

• Cincinnati, OH
• Minneapolis, MN
• Milwaukee, WI

Primary Responsibilities:

Build and maintain an up-to-date comprehensive central inventory of U.S. Bank cryptography objects and assets such as keys and certificates used to encrypt sensitive data which includes but not limited to:

• Symmetric/asymmetric algorithms and protocols (aes, ecc etc.)
• Key management functions: exchange, agreement, derivation, wrapping etc.
• Hash functions, initialization vectors, operations, nonces, macs, salts etc.
• Sensitive digital certificates that have private keys (pkcs12/.pfx etc.)
• Cryptography libraries (openssl etc.)

Generate up-to-date enterprise reports for cryptography objects and assets when as needed by various stakeholders for audit, governance, and encryption compliance matters.
Map cryptography objects and assets with corresponding applications, filesystems and infrastructure systems and help assign ownership based on U.S. Bank CMDB including where and how they are used.
Provide requirements to developers on the cryptographic objects and assets that needed to be scanned using APIs.

Required Skills –

• 2+ years of proven success in a similar engineering and/or security role.

Prior experience with AWS and Azure technologies.
Comfortable with using JSON, YAML, python for parsing JSON, and SQL queries

Understanding of Linux administration, IP networking, and firewalls

• Understanding of PCI 4.0 DSS requirements surrounding, data protection, inventory, configuration, authorization, change management, and tamper protection for payment systems.

Preferred Skills –

• Basic understanding of encryption for data in motion and at rest, and key management in the cloud.
• Knowledge of basic cloud services and their configurations.
• Familiarity with cloud computing platforms such as Microsoft Azure, Amazon AWS, and Google Cloud.
• Familiarity with Power Platform (Power Apps) and Excel Power Query
• Experience in creating and maintaining detailed technical writing including process, procedure, and change control record documentation.
• Experience supporting financial services industry rules and regulations (PCI, SOX, GLBA, BASEL).
• CISSP, GIAC, CISA, or other appropriate certifications a plus.
• Security and IT metrics experience a plus; report creation abilities strongly desired.
• Experience with process automation and/or scripting.
• Knowledge of audit related frameworks, such as the NIST Cyber Security Framework and Common Control Framework.
• Understanding of technology risk and how it relates to security controls.
• Experience creating reports and dashboards for metrics.
• Excellent organizational, time management skills.
• The ability to prioritize work efforts between operational tasks and strategic efforts.
• Familiarity with agile methodologies, scrum, kanban, and Atlassian Jira is a plus.
• A strong customer focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships.
• Strong attention to detail and process.

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That’s why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by la