Full-Time Encryption Engineer II

The Encryption Engineer will follow the guidance from the data protection – EITS team to work on a defined strategy following established processes and procedures.

You will work with various internal teams: Application owners, Application developers, Infrastructure teams, Database Teams, Audit and risk management teams, Regulatory compliance teams, External Key Management software vendors and professional services teams, other security tool Administrators, and business unit customers.

You will manage the implementation of data security controls to ensure data protection is maintained following processes and standards set by the global DP team. You will report to the Director of Data Protection.

Encryption Engineer Functions

• Explain the Integration guides and follow the steps to integrate encryption and key management as applicable.
• Work under the guidance of the manager to execute integrations/maintenance of existing integrations following the team's and manager's guidance.
• Collaborate with the Manager to Identify capability gaps and operational inconsistencies within the Data Protection controls environment and develop a plan to address through product enhancement, reconfiguration, upgrades and/or automation of processes.

Encryption Engineer Responsibilities

• Report progress against Plan weekly.
• Provide inputs to Refresh Data Protection roadmap/s quarterly.
• Ensure Technical and Process documentation is 100% current all the time (all changes thoroughly documented).
• Ensure new builds/integrations/agent implementation follow operational readiness processes, are documented, health/performance KPI's are defined and in place, and monitoring and alerting is in place before promoting to production.
• Follow change governance and guidance from the team (including documented processes where available and applicable).
• Demonstrate continual progress toward obtaining a security-specific (or specific security product certification) - or maintain a current certification.
• Complete two career-related training courses per year.
• Attend lunch and learn sessions to share knowledge with Engineering group.

Requirements

• 3+ years of experience as a Data Encryption Architect/Engineer/Experience guiding and training development teams on how to encrypt data on premises or the cloud and how to manage the lifecycle around the encryption keys and store them securely.
• Experience using AWS KMS, Cloud HSM, Gemalto/ Thales HSM or Key Management will be required.
• Experience working with business teams to understand and document encryption and Key Management strategy of IT driven products and services.
• Beneficial experience architecting and implementing encryption strategies on AWS, Azure on Google cloud including working on CMKs and integrating with a third party HSM "provider".
• Experience setting up, managing and running PKI and automating certificate lifecycle management.
• Spoken and written English capability is required. Portuguese proficiency desired.

This is a permanent home-based role in Costa Rica. No relocation available.

What is the last date for applying to the job?

Which countries are accepted for this remote job?