Cybersecurity Engineer - Cryptography - Director

Morgan Stanley•New York, NY

21h

About The Position

We're seeking someone to join our PKI and Secrets Management team as a Cybersecurity engineer with a strong focus on both engineering and operations in Data Protection Services department to design, implement, and support enterprise cryptographic solutions, including Public Key Infrastructure (PKI), Hardware Security Modules (HSM), certificate lifecycle and secrets management tools. In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is an engineering position at Director level, which is part of the job family responsible for engineering and operations of cryptographic solutions and also responsible for providing specialist cyber expertise and creating solutions that protect the organization's systems and networks against actual and potential security threats and vulnerabilities.

Requirements

Ability to effectively manage multiple functions and initiatives.
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
5+ years of hands-on experience in cybersecurity engineering or operations, with exposure to cryptographic services (PKI, HSMs, certificate management).
Strong understanding of cryptographic principles, protocols, and standards (e.g., TLS, X.509, key exchange, encryption algorithms).
Proven experience managing PKI environments and certificate lifecycle tools in enterprise and/or cloud environments.
Hands-on experience with HSM technologies and key management practices, including secure key generation, storage, rotation, and backup.
Familiarity with automation and scripting (e.g., Python, PowerShell, or similar) to streamline certificate and key management processes.
Knowledge of emerging cryptographic trends, including Post-Quantum Cryptography (PQC) and crypto-agility concepts.

Nice To Haves

relevant certifications such as CISSP, CISM, or vendor-specific PKI/HSM certifications are preferred.

Responsibilities

Communicate regularly with product leads across the organization and discuss opportunities for improvement to existing and future technology solutions.
Design, implement, and maintain enterprise cryptographic infrastructure, including PKI, HSMs, and certificate management platforms.
Manage the full certificate lifecycle (issuance, renewal, revocation, and deployment) to ensure security, availability, and compliance.
Engineer and support secure key management solutions leveraging HSMs, including key generation, storage, rotation, and backup.
Monitor and operate cryptographic services in a 24/7 environment (on call rotations), ensuring high availability, incident response, and performance optimization.
Automate certificate and key management processes to reduce manual effort and minimize operational risk.
Collaborate with application, infrastructure, and security teams to integrate cryptographic controls into enterprise systems and cloud environments.
Support the evaluation, design, and adoption of Post-Quantum Cryptography (PQC) capabilities, including PQC-enabled PKI environments, crypto-agility strategies and transition planning.