Lead PKI & Encryption Services Engineer

First American Financial Corp.

Santa Ana (CA)

On-site

USD 126,000 - 169,000

Full time

6 days ago

Job summary

An established industry player is seeking a skilled professional to manage digital certificate lifecycles and enhance security measures. In this role, you will design and implement encryption solutions tailored to business needs, ensuring the integrity of digital communications. Collaborate with cross-functional teams while leveraging your expertise in cryptography and systems engineering. This position offers an exciting opportunity to drive innovation and improve security practices in a supportive environment that values your contributions. Join a company recognized for its inclusive culture and commitment to professional growth.

Qualifications

  • 7+ years of experience with scalable enterprise software.
  • Deep knowledge of industry practices related to PKI and cryptography.

Responsibilities

  • Design and deploy encryption solutions across platforms.
  • Manage the lifecycle of digital certificates and keys.

Skills

PKI Management
Cryptography
Systems Engineering
Data Security
Network Security
Problem-Solving
Analytical Skills
Vendor Management

Education

Bachelor's in Computer Science

Tools

Azure KeyVault
AWS KMS
OpenSSL

Job description

Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for ten consecutive years. We have also earned awards as a best place to work for women, diversity, and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

In this position, you will play a critical role in ensuring the security and integrity of digital communications within the First American organization. You will be responsible for managing the full lifecycle of digital certificates, including issuance, renewal, and revocation. This role combines expertise in cryptography with practical skills in systems engineering, application integration, data security, and network security.

What You'll Do

  1. Design, develop, and deploy encryption solutions across various platforms (e.g., cloud, on-premises, mobile).
  2. Integrate encryption key management services into existing infrastructure to safeguard data at rest, in transit, and in use.
  3. Work closely with product and security teams to tailor encryption solutions for specific business needs.
  4. Develop and manage secure key generation, distribution, storage, and rotation processes, including quorum approvals.
  5. Automate key lifecycle management to enhance operational efficiency and security.
  6. Integrate encryption modules with APIs, databases, file storage systems, and communication protocols.
  7. Conduct rigorous testing to verify encryption strength and system resilience.
  8. Collaborate with quality assurance teams to ensure encryption solutions perform as expected.
  9. Stay abreast of the latest encryption methodologies, tools, and vulnerabilities, including post-quantum cryptography.
  10. Evaluate and recommend new technologies to enhance encryption effectiveness or reduce performance overhead.
  11. Investigate and remediate encryption-related issues with IT and incident response teams.
  12. Analyze logs and system behaviors to detect cryptographic anomalies or breaches.
  13. Develop mitigation strategies and improve systems based on security incident lessons learned.
  14. Create and manage the Public Key Infrastructure (PKI) for the company.
  15. Manage the secure generation and distribution of cryptographic keys and digital certificates.
  16. Oversee PKI infrastructure, Certificate Authority (CA), Hardware Security Modules (HSM), and KMS systems.
  17. Maintain knowledge of industry standards and relevant requirements (e.g., NIST, RFCs, CA/B Forum).
  18. Communicate effectively with key partners (e.g., project managers, engineers, developers).
  19. Utilize tools like OpenSSL to view certificates, CRLs, and OCSP responses.
  20. Integrate digital certificates with applications and services.
  21. Drive global adoption of PKI and encryption services.
  22. Continuously improve engineering and operational practices in PKI and key management, focusing on security, simplicity, and stability.
  23. Ensure secure communication, authentication, and data protection through PKI and encryption service integration.
  24. Troubleshoot and resolve complex certificate, authentication, and system performance issues.
  25. Monitor and maintain platform security and compliance with industry regulations.
  26. Manage the lifecycle of digital certificates, including issuance, renewal, revocation, and key rotation.
  27. Coordinate with System and Business Process Analysts to interpret certificate and key management requirements.
  28. Identify problems, research solutions, prepare presentations, and implement improvements across processes.
  29. Create reports, analyze data, and communicate trends to management.
  30. Perform duties outside normal hours as needed.
  31. Provide mentorship, advice, or training to less experienced team members, and lead projects with moderate budgets or durations.
  32. Work independently with supervisory consultation, set project objectives, and monitor progress.
  33. Devise or modify department processes and procedures.

What You'll Bring

Knowledge and Skills:

  • Preferred: BS/BA in Computer Science or relevant field.
  • 7+ years of experience with scalable enterprise software, including 5+ years with commercial PKI products in large enterprises.
  • Relevant industry certifications (e.g., CISSP, ISSEP, ISSAP) preferred.
  • Strong negotiation and consensus-building skills.
  • Deep knowledge of industry practices, policies, and procedures related to PKI and cryptography.

Technical Expertise:

  • Hands-on experience with platforms like Azure KeyVault, AWS KMS, Venafi, Fortanix, CipherTrust, etc.
  • Experience implementing Identity and Access Management, PKI, and KMS technologies.
  • Vendor management experience.
  • Strong understanding of cryptographic operations, algorithms, protocols, and key management systems.
  • Experience with encryption libraries like OpenSSL and their deployment.

Systems and Network Security:

  • Knowledge of network security protocols and secure architecture.
  • Experience with secure software development and vulnerability management.
  • Understanding of cloud security, automation, and encryption as a service.

Regulatory and Compliance Knowledge:

  • Familiarity with standards and legal requirements for data encryption and privacy.
  • Ability to translate regulatory mandates into technical implementations.

Problem-Solving and Analytical Skills:

  • Strong analytical skills for diagnosing encryption issues.
  • Experience balancing security, efficiency, and scalability in encryption systems.
  • Understanding of PKI technologies, including CA systems and Key Management.
  • Ability to troubleshoot application and client-side encryption issues.
  • Proficiency in scripting and programming languages, with good communication and documentation skills.
  • Teamwork and multitasking abilities.

Salary Range: $126,100.00 - $168,100.00

This range is an estimate and actual pay may vary based on experience, skills, and location.
