Encryption Lead

Job Title: Encryption Lead
Location: Princeton, NJ
Duration: Full Time

Job Description:

• Develop and maintain the enterprise cryptographic strategy, ensuring alignment with security, compliance, and business objectives.
• Define and implement key lifecycle management processes and procedures, including key generation, rotation, revocation, and decommissioning for cloud, on-premises, and IoT environments.
• Architect and deploy centralized Key Management Systems (KMS), including cloud-native KMS (AWS KMS, Azure Key Vault, OCI KMS), enterprise HSMs, and PKI solutions.
• Ensure robust data encryption methodologies are applied to data stored in databases, applications, and IoT connected devices.
• Collaborate with cloud security and DevSecOps teams to integrate encryption and key management into CI/CD pipelines and Infrastructure as Code (IaC) deployments.
• Develop IoT encryption frameworks to secure IoT devices.
• Oversee the integration of encryption solutions into applications, databases, cloud services, IoT platforms, and enterprise infrastructure.
• Collaborate with application security, infrastructure, and DevSecOps teams to embed cryptographic security controls into software development and deployment processes.
• Drive post-quantum cryptography (PQC) readiness by evaluating and preparing for emerging threats to encryption security.
• Ensure compliance with NIST 800-57, PCI DSS, FIPS 140-2/3, ISO 27001, GDPR, FFIEC, and IoT security (NIST 800-183, ETSI EN 303 645).
• Developing governance frameworks for cryptographic key management, including policies for key storage, access control, logging, and auditing.
• Conduct risk assessments, vulnerability testing, and security reviews for cryptographic implementations, IoT ecosystems, and cloud security controls.
• Act as a key stakeholder in security audits, regulatory assessments, and IoT security standardization efforts.
• Provide Technical mentorship and training to internal teams on encryption best practices, cloud security, and IoT security.
• Stay ahead of advancements in cryptographic algorithms, quantum computing risks, and emerging IoT security frameworks.
• Drive innovation in encryption automation, integrating key management with DevSecOps, and Infrastructure as Code (IaC).

Education & Preferred Qualifications

• You have multiyear (>6 years) experience within Cybersecurity including SecOps, threat modelling, and secure architecture.
• Bachelor's Degree in Computer Science/Engineering or related discipline, or equivalent work experience.
• Strong proficiency in Python, PowerShell, Bash, or Java.
• Hands-on Experience with key management systems (HashiCorp Vault, ASW KMS, Azure Key Vault, OCI KMS).
• Familiarity with X.509 certificates, PKI automation, TLS/SSL, ACME protocol, and certificate lifecycle management.
• Experience with Kubernetes, Terraform, Ansible, Chef, and CI/CD automation.
• Understanding of cryptographic algorithms (AES, RSA, ECC), hardware security modules (HSMs), and secure key storage practices.
• Experience working in financial institutions or other highly regulated industries.
• Certifications such as CISSP, CISM, AWS Security Specialty, HashiCorp Certified Vault Associate or CCSK.
• Familiarity with NIST 800-57, PCI DSS, FIPS 140-2/3, ISO 27001, GDPR, FFIEC, and IoT security (NIST 800-183, ETSI EN 303 645).

Additional requirements

• Travel up to 25% may be required

Job Type: Full-time

Work Location: On the road