Cryptography Engineer, Vice PresidentWho we are looking forThe Cryptography Engineer, Vice President will serve as a senior member of the Global Cybersecurity organization responsible for the design, engineering, automation, and operation of enterprise cryptographic services. This role will lead the implementation and support of Public Key Infrastructure (PKI), certificate lifecycle management, key management solutions, and cryptographic security controls across the enterprise.
The successful candidate will partner with application, infrastructure, cloud, security, and architecture teams to deliver secure, scalable, and automated cryptographic services that support the firm's security, regulatory, and operational requirements.
This position requires a strong combination of engineering expertise, operational leadership, and strategic thinking to modernize cryptographic capabilities, reduce risk, and support the organization's cryptographic agility and post-quantum readiness initiatives.
What you will be responsible forAs a Cryptography Engineer, VP you will:
- Design, implement, and operate enterprise PKI platforms, Certificate Authorities (CAs), and trust services.
- Manage the lifecycle of digital certificates including issuance, renewal, revocation, monitoring, and discovery.
- Lead the engineering and adoption of certificate automation technologies including ACME, EST, SCEP, and API-based integrations.
- Design and maintain enterprise key management solutions and cryptographic controls supporting applications, infrastructure, cloud platforms, and machine identities.
- Partner with application and infrastructure teams to onboard systems to enterprise PKI and certificate management services.
- Engineer secure solutions for code signing, SSH certificates, workload identities, and machine-to-machine authentication.
- Drive migration from legacy and unmanaged certificates to enterprise-standard certificate management platforms.
- Develop automation solutions that improve operational efficiency, scalability, and compliance.
- Support cloud cryptography integrations with Azure, AWS, and other strategic technology platforms.
- Participate in security architecture reviews to ensure cryptographic controls meet corporate standards and industry best practices.
- Monitor cryptographic risks, identify control gaps, and implement remediation plans.
- Support audit, compliance, regulatory, and risk management activities related to cryptography and PKI.
- Produce operational metrics, risk indicators, and reporting for senior management and governance forums.
- Contribute to the firm's post-quantum cryptography (PQC) strategy and cryptographic agility initiatives.
- Document standards, procedures, architectures, and operational practices.
- Provide technical leadership and mentoring to engineers and project teams.
What we valueThese skills will help you succeed in this role- Deep understanding of Public Key Infrastructure (PKI) and X.509 certificate technologies.
- Strong knowledge of cryptographic algorithms, protocols, and security architectures.
- Experience managing enterprise Certificate Authorities and certificate lifecycle platforms.
- Experience with certificate automation technologies and machine identity management.
- Knowledge of Hardware Security Modules (HSMs), key management systems, and cryptographic controls.
- Experience supporting cloud-native security services within Azure and AWS environments.
- Experience integrating security controls into DevOps and CI/CD pipelines.
- Strong understanding of authentication, identity, and access management concepts.
- Knowledge of regulatory and industry standards including NIST, PCI-DSS, FFIEC, and related security frameworks.
- Strong troubleshooting, analytical, and problem-solving skills.
- Ability to communicate effectively with technical and executive stakeholders.
Education & Preferred Qualifications- Bachelor's degree in Computer Science, Engineering, Information Security, or related field.
- 7+ years of experience in Cybersecurity, Cryptography, PKI, or Security Engineering.
- 5+ years of experience designing and operating enterprise PKI and certificate management solutions.
- Professional certifications such as CISSP, CCSP, GIAC, Security+, or equivalent are preferred.
- Experience with KeyFactor, DigiCert, Microsoft ADCS, Venafi, Sectigo, or similar platforms is highly desirable.
- Experience with cryptographic agility and post-quantum cryptography initiatives is preferred.
Why this role is important to usCryptography forms the foundation of trust across the enterprise. This role is responsible for securing digital identities, protecting sensitive information, enabling secure communications, and ensuring compliance with internal and external security requirements. As State Street continues its modernization, automation, and post-quantum readiness journey, this position will play a critical role in advancing the enterprise cryptography strategy and securing the firm's future digital ecosystem.
Salary Range: $120,000 - $202,500 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
Employees are eligible to participate in State Street's comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
For a full overview, visit https://hrportal.ehr.com/statestreet/Home.