Senior Digital Assets Engineer

Fidelity Investments•Westlake, TX

2d•Onsite

About The Position

The Role We are seeking a highly motivated cybersecurity engineer with a strong focus on key management, encryption technologies, and hardware-backed security solutions who can make an immediate impact. The ideal candidate is curious, ownership-driven, and thrives in a collaborative, knowledge-sharing environment. The Digital Asset Security Operations team within Fidelity Enterprise Cybersecurity (ECS) is responsible for securing mission‑critical platforms that power cryptocurrency and blockchain services. This role sits at the intersection of modern cryptographic systems, cloud-native architecture, and secure infrastructure engineering, with deep exposure to encryption platforms, Hardware Security Modules (HSMs), and containerized workloads in AWS. You will work closely with cybersecurity, risk, and development teams to design, implement, and operate secure key lifecycle management systems and encryption controls across on-premises infrastructure and distributed cloud-native environments.

Requirements

Bachelor’s degree in Computer Science or a related technical discipline
6+ years of experience in distributed systems engineering, security engineering, or platform operations
2+ years of hands-on experience with: Enterprise Key Management Systems (KMS) Encryption technologies (data-at-rest, data-in-transit, and data-in-use) Secure API design and cryptographic service integration
1–2 years of experience working with cloud-native environments, including: AWS (e.g., KMS, Nitro Enclaves, IAM, VPC security) Kubernetes (EKS) and containerized workloads
Strong understanding of cryptographic principles including: Symmetric/asymmetric encryption Key exchange, signing, and PKI concepts
Experience securing and hardening Linux and Windows systems, with focus on encryption, identity, and access control
Practical experience with: Containers & orchestration (Docker/Kubernetes) CI/CD pipelines (GitHub, Jenkins, Artifactory) Infrastructure as Code / automation scripting (Python, Bash, PowerShell, Ansible)
Familiarity with secrets management, certificate lifecycle management, and secure workload identity
Strong analytical and troubleshooting skills in complex distributed systems
Experience working in Agile environments within large enterprises

Nice To Haves

Experience with Hardware Security Modules (HSMs) for secure key generation, storage, and cryptographic operations (strongly preferred)

Responsibilities

Contribute to the design and operation of secure cryptographic infrastructure supporting Fidelity’s digital asset and blockchain platforms
Build, integrate, and maintain enterprise key management and encryption solutions, leveraging: AWS-native services (KMS, IAM, Nitro-based isolation) HSM-backed security controls
Support secure containerized applications running in Kubernetes by implementing: Secrets management Encryption enforcement Workload identity and access control
Engineer and operate secure CI/CD pipelines to ensure trusted software delivery with integrated cryptographic controls
Perform security engineering and operational support across distributed cloud environments, including: On call responsibilities Incident, change, and release management Monitoring, logging, and audit integration for cryptographic systems
Design and implement end-to-end encryption strategies: Data protection across APIs, services, and storage layers Secure communication channels within microservices architectures
Evaluate and prototype emerging technologies in: Confidential computing (e.g., enclaves) Advanced encryption and key protection mechanisms
Define and enforce security controls and policies across: Systems, containers, and network layers Authentication, authorization, and access governance