Security Engineer - Data Encryption

at  TD Bank

JOB REQUIREMENTS INCLUDE:

• Acting as a key contributor to developing solution structure and framework for cryptographic protection of data in complex environments.
• Selecting and assessing security tools and solutions that best meet the stated Security needs.
• Developing and documenting design patterns for adoption by our engineering partners.
• Contribute input into and lead development of solution documentation, System Requirements, Cryptography and Data Protection Policies, Procedures, Standards and Guides.
• Producing technical and analysis documentation, reports, and summaries.
• Creating high level and technical level presentations and presenting to technical and non-technical audiences and Senior Management.
• Knowledge of the Regulatory and Compliance landscape pertaining to the Financial Industry.
• Solid analytical, reasoning, organizational and time management skills.
• Ability to establish and maintain effective working relationships with all levels of personnel both internally and externally; e.g., Senior Management, peers, clients, and vendors.
• Ability to work in a fast-paced environment and manage multiple deadlines and priorities.
• Adapt to new different or changing requirements, quickly grasp new concepts, and reflect on lessons learned. Define problem/challenge, identify alternatives, and make timely decisions.
• Work closely & collaboratively with Internal Engineering, Deployment & Operations teams to drive design adoption across IT.
• Attention to details and follow through.
• Ability to make engineering design decisions, solve problems related to cryptographic principles.
• Align with the Department strategies and delivering superior results in short and long terms.
• Provide subject matter expertise consulting service to our Business partners.
• Manage communications and activities with 3rd party solution and service providers.
• Plan, schedule, run and manage working meetings and produce meeting minutes.

THIS ROLE WILL BE RESPONSIBLE FOR SOLUTIONS IN AREAS SUCH AS, BUT NOT LIMITED TO:

• Cryptographic protection of Data at Rest and Data in Transit.
• Cryptography Governance (Policies, Procedures, Standards, Guides).
• Database Transparent Data Encryption (TDE) and encryption in Transi.t
• Protecting data in Public Cloud (Azure, Google).
• Thales Vormetric/CipherTrust Data At Rest Encryption.
• Hardware Security Module (HSM) – Thales, Entrust, Utimaco, Atalla.
• Cryptographic Tools (Venafi)
• PKI (x509 Digital Certificates, SSH, Microsoft ADCS, TLS ciphers)
• Key Lifecycle Management for symmetric and asymmetric keys.
• Post-Quantum Cryptography.

THE SUCCESSFUL CANDIDATE IS EXPECTED TO HAVE SOUND TECHNICAL KNOWLEDGE IN A WIDE RANGE OF INFORMATION AND DATA SECURITY TECHNOLOGIES, FRAMEWORKS, TOOLS, PROCESSES, AND PROCEDURES. THIS ROLE IS LOOKING FOR PEOPLE WITH SKILLS IN AS MANY OF THE BELOW TECHNOLOGY AREAS AS POSSIBLE:

• 3+ year experience in Cryptography domain.
• Technologies and security controls for protection of data at rest and data in transit.
• In-depth knowledge of PCI DSS requirements for data protection.
• Understanding and navigation of NIST 800-Series Special Publications in respect to cryptography and FIPS 140-3 certification levels for cryptographic modules.
• In-depth knowledge of various cryptographic and encryption technologies and standards (Symmetric/Asymmetric cryptography, PKI, Digital Signing and Hashing).
• Understanding principles of Post-Quantum Cryptography and its standardization.
• Ability to translate complex technical concepts to values and outcomes for communicating to Senior Leadership and non-technical Business partners.
• Working knowledge of Microsoft Office suite for developing presentation decks, design documentation, drawings, and reports.
• Expertise in either: Windows/Unix/Linux Databases (including MS SQL, Oracle, MongoDB) or Storage (SAN, NAS).
• Experience with Cryptography as it applies to Cloud Solutions in Highly Virtualized Environments.
• Strong verbal and written communications skills are essential for this role.
• An industry recognizable IS Security certification (e.g. CISSP).
• Working knowledge of Mainframe cryptography and Mainframe HSM is a Plus.
• Experience with data protection against Ransomware is a Plus.
• Employment experience in Financial industry is a Plus.