Senior Cryptography Security Engineer
Markham (Markham)
Job description
Individually we are people, but together we are Aviva. Individually these are just words, but together they are our Values – Care, Commitment, Community, and Confidence.
We have an outstanding opportunity for a Senior Crypto Security Engineer in our new Cryptography team, to support the continued maintenance of our crypto key management processes and crypto standard methodologies. We are looking for someone with a positive and collaborative outlook.
In this role you will act as a Cryptography subject-matter expert and advisor, assigned to work on various Cybersecurity projects and Cybersecurity tools implementation. You will also act as a technical link between the project teams, business partners and technical teams such as GSOC, Data Loss Prevention, Risk & Compliance, Threat Intelligence, Vulnerability Management, Governance,
Identity and Access Management, Systems and Network Engineering, Software Development, 3rd Party Vendors/Suppliers, HR, Legal, etc.
This role is crafted to work closely with Cryptographic key management, Cyber Security and IT Risk in supporting all teams and systems requiring cryptographic key elements at a local and global scale, developing, optimizing, and maintaining cryptographic and cyber security standards. You will be accountable in supporting the Cryptography team in managing the lifecycle of cryptographic keys, the lifecycle of TLS certificates, vulnerability prevention and remediation.
The role will be primarily based out of the Markham head office, occasionally working from home. At present the whole team is working from home with monthly team meetings held at the Markham office.
In addition, you will evaluate and participate in the implementation and operation of security solutions in its field and participate in the development and governance of policies, standards and procedures for security, ensuring compliance.
You are comfortable in a forward-thinking and fast paced environment.
Does this sound like you?!
What you’ll do
· Responsible for efficiently supporting public key infrastructure and key management systems, both internally and externally
· Provide senior engineering and design support required, to build and maintain PKI/KMS systems, advice on applications to prevent fraud and mitigate risk.
· Be responsible for, support all PKI & KMS operations and deliver Cryptographic solutions, services, and processes across the enterprise by partnering with all collaborators
· Responsible for generation of new and upkeep of all HSM/PKI inventories, documentation, knowledge base and checklist
· Provides oversight and governance for HSM and PKI technologies used across the IT landscape
· Leads HSM incident response investigations and critical issues on HSM/PKI infrastructure, multi-functional with other teams to deliver best in class service and operational effectiveness and efficiency with collective ownership representing the Crypto team to action and resolve
· Participates in project activities for critical applications requiring managed cryptographic keys and integration with secure key storage solutions
· Participates in cross-department strategic discussions and working with management to develop roadmaps, strategies, and tactical plans to improve on Aviva Canada’s security posture with respect to HSM and key management technology
· Accountable for managing Crypto teams’ intake process by reviewing, assessing, and delivering cryptographic solutions to IT partners
· Ensure both KMS and PKI systems align to Cryptographic Standards, policies, guidelines and the industry best practices
· Manage the configuration of KMS and PKI systems, test systems and/or components to ensure readiness for production deployment and BAU
· Create and maintain system processes, policies, procedures with documentation.
· Maintain and update our Cryptography online informational site for our Crypto user base and partners
· Represent KMS/PKI Engineering on organizational project teams and ensure alignment to existing security policies and cryptographic standards
· Manage the successful technical delivery of Cybersecurity projects by working directly with key business/IT partners, executives and project teams
· Act as a technical lead on initiatives and as such must drive the vision and alignment of the solution delivery (SDLC) Service Delivery Life Cycle
· Provide second-line support of HSM and Key Management technologies, participating in the team’s support model with our partners
· Develop, build and improve KMS and PKI/PKE best practices and guidelines proficiently
· Champions a high-performance environment using a coaching and mentoring approach, behaviors and embracing Aviva Canada’s values and contributing to an inclusive work environment.
· Keep up on current technologies and maintain awareness of industry trends and threats, professional development focusing on KMS and PKI/PKE technologies
· Preparation, presentation and updating of service-related architecture and design documentation
· Provide KMS and PKI domain expertise and knowledge transfer to all Cryptographic Officers and our Crypto user base within Aviva Canada
· Support managing Key management platforms and applications (Cipher Trust Manager, HashiCorp Vault, Hardware Security Module, Public Key Infrastructure, Key Management System)
· Supporting the Certificate Management and the Cryptographic Key management processes
· Support the assessment and alignment to BPS Controls under CISO/Cryptography ownership as well as contribute to the improvement and further development of controls
· Support cryptographic key consumers in a decentralized support model across the IT landscape.
· Develop capabilities & solutions that deliver against our Cyber Security strategy
· Support managing Security and Vulnerability remediation as they relate to cryptographic key elements
· Able to influence, innovate and drive Cyber Security standard methodologies.
· Support application teams with production incident resolution and provide inputs for partner management.
· Work on Cybersecurity tools implementation
· Work to implement and onboard data sources to Security Information Event Management (SIEM) system
· Work on playbooks creation and processes automation in a SOAR platform
· Follow Security Policies, Standards, Procedures and Guidelines, Legal and Regulatory Compliances
· Define and manage product roadmap. Identify gaps, suggest best practices to improve security posture within Cybersecurity.
· Researching of emerging threats to gain insight and understanding of the evolving threat landscape and its impact to Aviva Canada.
What you’ll bring
· 8+ years’ experience working in an enterprise Security/IT environment
· 4+ years’ experience working in a Cybersecurity role, mainly Cryptography
· 3+ years’ experience working with data protection solutions such as CTM, HSM and HashiCorp Vault
· University Degree in Computer Science/Engineering or IT equivalent
· Strategic problem solver, self-starter, positive outlook, collaborative, persistence in face of challenges, with a passion for Cyber Security
· Outstanding technical skills, knowledge of network protocols and network communication principles, understanding of vulnerabilities and remediation techniques
· Experience with crafting detailed technical documentations for security solutions and operating efficiency process
· Experience with Endpoint security technologies like Cisco AMP, Tanium, Microsoft Defender ATP, McAfee, etc.
· A deep understanding on how encrypted data is managed and stored using encryption tools and encryption methods that adhere to the Cryptography Standards efficiently
· Experience with Network security technologies like Akamai, Cisco IPS, Checkpoint, Symantec Web Security, SMNP etc.
· Background in information security operations and threat and vulnerability management
· Exhibits strong analytical and conceptual thinking
· Ability to demonstrate dedication to Aviva and its internal & external customers
· Work & collaborate with a distributed team
· Excellent written, verbal, and interpersonal skills
· Continuous improvement mentality
· Professional and courteous in all interactions
· Excellent problem-solving & troubleshooting skills
· Strong verbal and written skills to interact with global teams and customers
· Ability to plan, organize and prioritize tasks to complete within established time frames
· Ability to work independently without direct supervision, self-motivated, and meet tight timelines
· Understanding of X.509, RSA and general certificate management processes
· Solid experience with public key infrastructure (PKI) and Key Management Systems (KMS)
· Experience with certificate and cryptographic key lifecycle management
· Experience with commercial Certificate Authority providers – ie. Sectigo
· Experience authoring Certificate Polices and Certification Practice Statements (CP/CPS)
· Strong proficiency in cryptography and cryptographic standards
· Possessing technical security certifications or a well-recognized security professional, auditor or manager certification such as the CISSP, the CISA or the CISM is a strong asset
What you’ll get
· Join a great company and culture, and a phenomenal team!
· Competitive rewards package
· Comprehensive benefits package, including Medical/Dental, personal wellness, defined contribution pension plan, share matching plan
· Annual performance related bonus and pay review
· Exceptional career development opportunities
· Vacation allowance of 20 days plus statutory holidays, personal floater day, the option to buy/sell up to 5 additional vacation days and time off for volunteer opportunities
· Discounts on many Aviva products through the Employee Purchase Program plus discounts for Friends and Family (some exclusions apply)
· We will support your professional development
Additional Information: Aviva Canada has an accommodation process in place to provide accommodations for employees with disabilities. If upon commencement of employment you require a specific accommodation because of a disability, please contact your Talent Acquisition Partner so that an appropriate accommodation can be arranged. This process applies throughout your career with Aviva Canada.