We're seeking someone to join our PKI and Secrets Management team as a Cryptography Infrastructure Engineer with a strong focus on both engineering and operations in the Data Protection Services department to design, implement, and support enterprise cryptographic solutions, including Public Key Infrastructure (PKI), Hardware Security Modules (HSM), certificate lifecycle and secrets management tools.
What You’ll Do In The Role
* Communicate regularly with product leads across the organization and discuss opportunities for improvement to existing and future technology solutions.
* Design, implement, and maintain enterprise cryptographic infrastructure, including PKI, HSMs, and certificate management platforms.
* Manage the full certificate lifecycle (issuance, renewal, revocation, and deployment) to ensure security, availability, and compliance.
* Engineer and support secure key management solutions leveraging HSMs, including key generation, storage, rotation, and backup.
* Monitor and operate cryptographic services in a 24/7 environment (on call rotations), ensuring high availability, incident response, and performance optimization.
* Automate certificate and key management processes to reduce manual effort and minimize operational risk.
* Collaborate with application, infrastructure, and security teams to integrate cryptographic controls into enterprise systems and cloud environments.
* Support the evaluation, design, and adoption of Post-Quantum Cryptography (PQC) capabilities, including PQC.
* Enable PKI environments, crypto‑agility strategies and transition planning.
What You’ll Bring To The Role
* Ability to effectively manage multiple functions and initiatives.
* Bachelor's degree in Computer Science, Cybersecurity, Information Technology, a related field, or equivalent experience.
* 5+ years of hands‑on experience in cybersecurity engineering or operations, with exposure to cryptographic services (PKI, HSMs, certificate management).
* Strong understanding of cryptographic principles, protocols, and standards (e.g., TLS, X.509, key exchange, encryption algorithms).
* Proven experience managing PKI environments and certificate lifecycle tools in enterprise and/or cloud environments.
* Hands‑on experience with HSM technologies and key management practices, including secure key generation, storage, rotation, and backup.
* Familiarity with automation and scripting (e.g., Python, PowerShell, or similar) to streamline certificate and key management processes.
* Knowledge of emerging cryptographic trends, including Post‑Quantum Cryptography (PQC) and crypto‑agility concepts; relevant certifications such as CISSP, CISM, or vendor‑specific PKI/HSM certifications are preferred.
Benefits & Opportunities
We offer comprehensive employee benefits and perks in the industry, supportive work‑life balance, and ample opportunities for career growth across our global business.
Morgan Stanley is an equal opportunity employer committed to building and maintaining a diverse workforce. For more information, visit our EEO page.
#J-18808-Ljbffr