Job Description
Senior Cryptographic Security Engineer
Role Summary
The Senior Cryptographic Security Engineer is a hands on technical leader responsible for designing operating and evolving the organization’s cryptographic platforms with a strong emphasis on operational resilience automation and risk reduction.
This role sits at the intersection of cryptography PKI certificate lifecycle management cloud key management services automation and incident prevention. The Cryptographic Engineering team balances run the platform responsibility with build the future engineering ensuring enterprise cryptographic controls are stable today and adaptable to emerging threats such as post quantum cryptography.
Key Responsibilities
Cryptographic Engineering and Architecture • Design and evolve enterprise cryptographic architectures across Public Key Infrastructure TLS and certificate lifecycle management cloud key management platforms including AWS KMS and Azure Key Vault and Hardware Security Modules including Thales
• Serve as a subject matter expert in cryptographic algorithms protocols key management practices certificate chains trust models and lifecycle controls
• Provide senior technical oversight for cryptographic operations including certificate issuance renewal validation and incident response
• Lead key rotation events including customer managed keys via external HSM and KMS platforms
• Act as an escalation point for complex cryptographic incidents where failure could result in production impact
Automation and Platform Engineering • Design and implement automation to reduce manual cryptographic work
• Enable certificate discovery ownership inference and lifecycle automation
• Integrate cryptographic workflows with ServiceNow for routing ownership and change enablement
• Build API driven automation across platforms including Venafi CyberArk Wiz ServiceNow AWS and OpenShift Cert Manager
Post Quantum Cryptography and Crypto Agility • Lead the organization’s post quantum cryptography strategy and preparedness
• Inventory quantum vulnerable cryptographic implementations
• Define crypto agility requirements across platforms and services
• Evaluate hybrid TLS and post quantum cryptography migration approaches
• Translate evolving standards including NIST PQC and CNSA 2.0 into phased engineering plans that protect production stability
Risk Management Assurance and Audit Support • Collaborate with cryptographic assurance and quality teams to validate cryptographic deployments and review high risk changes
• Assess and document exceptions and compensating controls
• Support audits and regulatory reviews by explaining cryptographic controls operating models and risk based decision making
Required Qualifications • Eight plus years of experience in cryptographic systems PKI or security engineering
• Experience designing implementing or supporting large scale enterprise certificate management programs
• Deep practical knowledge of TLS X.509 certificates trust chains and certificate lifecycle management
• Strong expertise in cryptographic key management and HSM platforms
• Experience with at least one major cloud provider encryption ecosystem AWS and or Azure
Tools and Platforms Hands On Experience • Venafi TLS Protect Trust Protection Platform or equivalent
• Thales CipherTrust or comparable HSM platforms
• ServiceNow CMDB workflow or task routing for security operations
• Scripting or automation using Python PowerShell or similar languages
• API based integration and automation
Nice to Have Experience • Post quantum cryptography planning or proof of concept experience
• Exposure to cryptographic bill of materials or cryptographic inventory initiatives
• Financial services or other highly regulated industry experience
• Prior experience balancing platform operations and engineering responsibilities
Education and Certifications • Bachelor’s or Master’s degree in Computer Science Computer Engineering Cryptography Mathematics or a related field
• Preferred certifications include GIAC GCED CISSP CCSP CISM AWS Certified Security or equivalent
Pay Transparency The salary range for this position is $110000 - 140000 per year plus eligibility for an annual discretionary bonus. Actual pay is based on factors including work location skills and experience.
Citizens offers competitive pay comprehensive medical dental and vision coverage retirement benefits paid parental leave flexible work arrangements education reimbursement wellness programs and more. Citizens’ paid time off policy exceeds mandatory paid sick or paid time away requirements in all United States jurisdictions. For an overview of our benefits visit https://jobs.citizensbank.com/benefits.
About Us
Equal Employment Opportunity
Citizens its parent subsidiaries and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age ancestry color citizenship physical or mental disability perceived disability or history or record of a disability ethnicity gender gender identity or expression genetic information genetic characteristic marital or domestic partner status victim of domestic violence family status/parenthood medical condition military or veteran status national origin pregnancy/childbirth/lactation colleague’s or a dependent’s reproductive health decision making race religion sex sexual orientation or any other category protected by federal state and/or local laws. At Citizens we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit qualifications performance and capability.
Equal Employment and Opportunity Employer
Job Applicant Data Privacy Policy
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check which may include initial credit motor vehicle record public record prior employment verification and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.
Top Skills
What We Do
As one of the oldest and largest financial services firms in the United States with a history dating back to 1828 we’re committed to providing solutions and expertise that support our customers clients colleagues and communities in what’s next on their own unique journey. We invest in the humans who build the logic ideas and innovations that bring new technologies to life. Investments in AI cloud computing machine learning and automation provide our engineers the tools that enable us to remain competitive and win in today’s environment. At Citizens we recognize that the journey to accomplishment is no longer linear and that individuals are made of all they have done and all they are going to do. Whether you’re considering banking with us or looking to work with us you’ll find a customer-centric culture and a supportive collaborative workforce at Citizens. You’re made ready and so are we. If you're ready to advance your career in technology and security learn more about opportunity's Citizens offers here: https://jobs.citizensbank.com/digital-transformation
Why Work With Us
We empower the colleagues that power our tech. With growth & upskilling opportunities and sought-after benefits plus a diverse culture of people and perspectives we help our colleagues achieve career goals. Because innovation can’t happen without the minds and hearts of our people. Technology is constantly evolving and we believe you can too.
Gallery
Similar Jobs
Dropbox
Product Manager
Zscaler
Senior Manager Learning and Experience Design
Trail of Bits
Security Engineer
Similar Companies Hiring
Explore More
Date Posted
04/16/2026
Views
0