IT Risk and Security Engineer (PKI)

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.
 

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

Key Responsibilities

• Design, implement, and enhance enterprise‑wide systems to discover, inventory, and track certificates, cryptographic keys, and crypto protocols across servers, endpoints, applications, and network devices.
• Supporting cryptographic asset discovery and Cryptographic Bill of Materials (CBOM) inventory activities across applications, infrastructure, and endpoints.
• Assisting in identifying cryptographic algorithms, key sizes, and certificate attributes relevant for Post Quantum Cryptography (PQC) readiness assessments.
• Collaborating with application and security teams to validate crypto metadata used for CBOM reporting and risk analysis.
• Request intake, issuance, renewal, revocation, rotation, and expiry governance.
• Lead SSL/TLS certificate installation, configuration, and troubleshooting across servers, applications, APIs, load balancers, and cloud platforms.
• Proactively monitor certificate health, enforce renewal SLAs, and prevent service disruptions due to crypto failures.
• Support and optimize enterprise Certificate Authorities (internal & external) and certificate management platforms.
• Apply strong hands‑on knowledge of cryptographic algorithms and controls:
  • Symmetric encryption: AES (legacy awareness of 3DES)
  • Asymmetric encryption: RSA, ECC
  • Hashing algorithms: SHA‑256 / SHA‑3
  • Digital signatures, key exchange, and MACs
• Contribute to HSM integration and key protection strategies, with hands‑on or advanced conceptual exposure.

Key Skills

• CBOM Data Quality (PQC Support): Accurate capture of crypto algorithms, key parameters, and certificate metadata.
• Inventory Coverage: High percentage of endpoints, applications, and servers accurately tracked.
• Certificate Lifecycle Compliance: Zero unplanned outages due to expired or misconfigured certificates.
• Data Accuracy & Integrity: Reliable, audit‑ready crypto asset records.
• Operational Excellence: Reduction in manual interventions and incident recurrence.
• Reporting & Audit Readiness: Timely delivery of executive and audit reports.
• Stakeholder Enablement: Adoption and effective usage of crypto dashboards and reports.

Qualifications:

• Minimum of 4 years of related experience
• Bachelor's degree preferred or equivalent experience

Talents Needed for Success:

• Strong and practical expertise in PKI concepts (certificates, trust chains, CA hierarchies).
• Working awareness of PQC concepts and crypto‑agility, with the ability to support CBOM inventory efforts.
• Deep understanding of applied cryptography and enterprise security controls.
• Hands‑on experience with PKI architecture, certificate lifecycle operations, and troubleshooting.
• Proven experience supporting security operations, application security, infrastructure security, or IAM teams.
• Exposure to HSMs, key management, and secure key storage practices.
   

Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.