Senior Cryptographic Engineer

About The Position

Requirements

• Eight plus years of experience in cryptographic systems, PKI, or security engineering
• Experience designing, implementing, or supporting large scale enterprise certificate management programs
• Deep practical knowledge of TLS, X.509 certificates, trust chains, and certificate lifecycle management
• Strong expertise in cryptographic key management and HSM platforms
• Experience with at least one major cloud provider encryption ecosystem, AWS and or Azure
• Venafi TLS Protect, Trust Protection Platform, or equivalent
• Thales CipherTrust or comparable HSM platforms
• ServiceNow CMDB, workflow, or task routing for security operations
• Scripting or automation using Python, PowerShell, or similar languages
• API based integration and automation

Nice To Haves

• Post quantum cryptography planning or proof of concept experience
• Exposure to cryptographic bill of materials or cryptographic inventory initiatives
• Financial services or other highly regulated industry experience
• Prior experience balancing platform operations and engineering responsibilities

Responsibilities

• Cryptographic Engineering and Architecture • Design and evolve enterprise cryptographic architectures across Public Key Infrastructure, TLS and certificate lifecycle management, cloud key management platforms including AWS KMS and Azure Key Vault, and Hardware Security Modules including Thales
• Serve as a subject matter expert in cryptographic algorithms, protocols, key management practices, certificate chains, trust models, and lifecycle controls
• Provide senior technical oversight for cryptographic operations including certificate issuance, renewal, validation, and incident response
• Lead key rotation events including customer managed keys via external HSM and KMS platforms
• Act as an escalation point for complex cryptographic incidents where failure could result in production impact
• Automation and Platform Engineering • Design and implement automation to reduce manual cryptographic work
• Enable certificate discovery, ownership inference, and lifecycle automation
• Integrate cryptographic workflows with ServiceNow for routing, ownership, and change enablement
• Build API driven automation across platforms including Venafi, CyberArk, Wiz, ServiceNow, AWS, and OpenShift Cert Manager
• Post Quantum Cryptography and Crypto Agility • Lead the organization’s post quantum cryptography strategy and preparedness
• Inventory quantum vulnerable cryptographic implementations
• Define crypto agility requirements across platforms and services
• Evaluate hybrid TLS and post quantum cryptography migration approaches
• Translate evolving standards including NIST PQC and CNSA 2.0 into phased engineering plans that protect production stability
• Risk Management, Assurance, and Audit Support • Collaborate with cryptographic assurance and quality teams to validate cryptographic deployments and review high risk changes
• Assess and document exceptions and compensating controls
• Support audits and regulatory reviews by explaining cryptographic controls, operating models, and risk based decision making

Benefits

• Citizens offers competitive pay, comprehensive medical, dental, and vision coverage, retirement benefits, paid parental leave, flexible work arrangements, education reimbursement, wellness programs, and more.
• Citizens’ paid time off policy exceeds mandatory paid sick or paid time away requirements in all United States jurisdictions.