Senior Cryptographic Security Engineer
Role Summary
The Senior Cryptographic Security Engineer is a hands on technical leader responsible for designing, operating, and evolving the organization’s cryptographic platforms with a strong emphasis on operational resilience, automation, and risk reduction.
This role sits at the intersection of cryptography, PKI, certificate lifecycle management, cloud key management services, automation, and incident prevention. The Cryptographic Engineering team balances run the platform responsibility with build the future engineering, ensuring enterprise cryptographic controls are stable today and adaptable to emerging threats such as post quantum cryptography.
Key Responsibilities
Cryptographic Engineering and Architecture • Design and evolve enterprise cryptographic architectures across Public Key Infrastructure, TLS and certificate lifecycle management, cloud key management platforms including AWS KMS and Azure Key Vault, and Hardware Security Modules including Thales
• Serve as a subject matter expert in cryptographic algorithms, protocols, key management practices, certificate chains, trust models, and lifecycle controls
• Provide senior technical oversight for cryptographic operations including certificate issuance, renewal, validation, and incident response
• Lead key rotation events including customer managed keys via external HSM and KMS platforms
• Act as an escalation point for complex cryptographic incidents where failure could result in production impact
Automation and Platform Engineering • Design and implement automation to reduce manual cryptographic work
• Enable certificate discovery, ownership inference, and lifecycle automation
• Integrate cryptographic workflows with ServiceNow for routing, ownership, and change enablement
• Build API driven automation across platforms including Venafi, CyberArk, Wiz, ServiceNow, AWS, and OpenShift Cert Manager
Post Quantum Cryptography and Crypto Agility • Lead the organization’s post quantum cryptography strategy and preparedness
• Inventory quantum vulnerable cryptographic implementations
• Define crypto agility requirements across platforms and services
• Evaluate hybrid TLS and post quantum cryptography migration approaches
• Translate evolving standards including NIST PQC and CNSA 2.0 into phased engineering plans that protect production stability
Risk Management, Assurance, and Audit Support • Collaborate with cryptographic assurance and quality teams to validate cryptographic deployments and review high risk changes
• Assess and document exceptions and compensating controls
• Support audits and regulatory reviews by explaining cryptographic controls, operating models, and risk based decision making
Required Qualifications • Eight plus years of experience in cryptographic systems, PKI, or security engineering
• Experience designing, implementing, or supporting large scale enterprise certificate management programs
• Deep practical knowledge of TLS, X.509 certificates, trust chains, and certificate lifecycle management
• Strong expertise in cryptographic key management and HSM platforms
• Experience with at least one major cloud provider encryption ecosystem, AWS and or Azure
Tools and Platforms, Hands On Experience • Venafi TLS Protect, Trust Protection Platform, or equivalent
• Thales CipherTrust or comparable HSM platforms
• ServiceNow CMDB, workflow, or task routing for security operations
• Scripting or automation using Python, PowerShell, or similar languages
• API based integration and automation
Nice to Have Experience • Post quantum cryptography planning or proof of concept experience
• Exposure to cryptographic bill of materials or cryptographic inventory initiatives
• Financial services or other highly regulated industry experience
• Prior experience balancing platform operations and engineering responsibilities
Education and Certifications • Bachelor’s or Master’s degree in Computer Science, Computer Engineering, Cryptography, Mathematics, or a related field
• Preferred certifications include GIAC GCED, CISSP, CCSP, CISM, AWS Certified Security, or equivalent
Pay Transparency The salary range for this position is $110,000 - 140,000 per year, plus eligibility for an annual discretionary bonus. Actual pay is based on factors including work location, skills, and experience.
Citizens offers competitive pay, comprehensive medical, dental, and vision coverage, retirement benefits, paid parental leave, flexible work arrangements, education reimbursement, wellness programs, and more. Citizens’ paid time off policy exceeds mandatory paid sick or paid time away requirements in all United States jurisdictions. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.
About Us
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
Equal Employment and Opportunity Employer
Job Applicant Data Privacy Policy
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.
Top Skills
Citizens Boston, Massachusetts, USA Office
28 State St, Boston, MA, United States, 02109
Similar Jobs
.png){kind=logo}
What you need to know about the Boston Tech Scene
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
