Full-Time Data Protection/Encryption Engineer II

You will be responsible for the design, operation, engineering, automation, and daily management of Crypto infrastructure, including Windows and Linux servers, COTS appliances, and Hardware Security Modules (HSMs). This role aims to provide cryptographic capabilities to customers, focusing on key management, data, and database security.

Encryption Engineer Functions

• Explain Integration guides and follow steps to integrate encryption and key management.
• Execute integrations/maintenance of existing integrations, guided by manager and team.
• Identify capability gaps and operational inconsistencies within the Data Protection controls environment. Develop plans for addressing them using product enhancement, reconfiguration, upgrades and/or automation.

Encryption Engineer Responsibilities

• Report progress against plan weekly.
• Provide inputs to refresh Data Protection roadmap(s) quarterly.
• Ensure technical and process documentation is 100% current and complete.
• Ensure new builds/integrations/agent implementations follow operational readiness processes, are documented, have defined health/performance KPIs, and have monitoring/alerting in place before production promotion.
• Follow change governance and team guidance (including documented processes).
• Demonstrate continual progress towards obtaining/maintaining a security certification.
• Complete two career-related training courses annually.
• Attend lunch and learn sessions to share knowledge with the Engineering group.

Experience Requirements

• 3+ years of experience as a Data Encryption Engineer.
• Experience guiding and training development teams on encrypting data (on-premises or cloud) and managing encryption key lifecycles.
• Experience using AWS KMS, Cloud HSM, Gemalto/Thales HSM, or other Key Management systems.
• Experience working with business teams to understand and document encryption and Key Management strategy for IT products and services.
• Beneficial experience architecting and implementing encryption strategies on AWS, Azure, or Google Cloud, including working with CMKs and third-party HSMs.
• Experience setting up, managing, and running PKI and automating certificate lifecycle management.

Additional Requirements

• Spoken and written English proficiency is required.
• Portuguese proficiency is desired.

Location

• Permanent home-based role in Costa Rica.
• No relocation available.

What is the last date for applying to the job?

Which countries are accepted for this remote job?