Clicking on the following button will update the content below

Cryptography Design Engineer
BrandBest Buy

Best Buy is looking for a Cryptography Design Engineer to help build complex encryption environments. This role drives complex design, development, and implementation activities aligned with several technologies including, but not limited to Enterprise Public Key Infrastructure (PKI), Hardware Security Modules (HSM), Key Management Systems (KMS) Certificate Management Lifecycle Platforms, Encryption Management, and Code Signing. This role drives IT security and productivity by enabling secure connectivity for technical assets and devices within our infrastructure through the creation and management of digital certificates.

Individuals in this role must be well versed and educated in common Information Security practices and the CISSP domains, and possess general IT experience, and leverage thiss experience to identify opportunities for improvement to the information security environment, focusing on PKI, encryption, and certificate-based authentication solutions.

Key Responsibilities:
  • Design, deployment, maintenance of enterprise PKI systems
  • Ensure PKI systems align to the companies Information Security policies, standards, and the industry best practices
  • Manage the configuration of PKI systems, test PKI systems and/or components to ensure readiness for production deployment. Create and maintain system documentation.
  • Represent PKI Engineering on organizational project teams, ensure adherence to existing security policies/standards
  • Assist in maintenance/escalation support all Enterprise Encryption Services protecting Data at Rest, Data in flight, and Transaction Data
  • Work with senior members to evaluate upgrades, new products, technologies for the enterprise encryption solutions
Minimum Requirements:
  • 6+ years of design/implementation/optimization Encryption Solutions
  • 4+ years’ experience of automation work via PowerShell
  • 1+ year of audit implementing defined processes for Internal and external compliance programs
  • Drive data protection Architecture and Design/implementation/optimization Encryption Solutions
  • Engage in the initial requirements definition including analysis of risk and alignment with Information Security, Engineering, IT and Architecture standards
  • Participate in projects to deploy new encryption/data protection applications and services
  • Implement changes to encryption infrastructure in accordance with standard procedures/change control policies/procedures
  • Proactively identify/recommend process improvement to reduce risk/improve operational efficiency
  • Document design, installation, Operations and Maintenance guides
  • Develop end to end Key Management, Microsoft PKI, Payment gateways, Database encryption, Venafi, Hardware security module and Data at rest encryption applications
Preferred Qualifications:
  • Strong scripting capability in PowerShell or scripting language
  • Experience and deeper understanding on the FIPS 140-2 level 2+ certified Hardware Security Modules, Key Management systems such as Thales/Gemalto Key Secure and FutureX
  • Understanding security protocols such as SSL/TLS, SSH, CMP, KMIP
  • Understanding and experience with the cryptography fundamentals, Digital Certificates, CRL/OCSP, PKI and PKCS standards (PKCS #5, #7, #8, #10, #11 and #12)
  • Understand database protection functionality including the Native Encryption and Transparent Data Encryption
  • Understanding various operating/file systems i.e. HEL, Windows, NFS.
  • Exposure to Oracle, SQL, Teradata platforms protection
  • Onsite Design and escalation support of encryption technologies such as general purpose and payment HSMs
  • Design and facilitate the Key Custodian Program
Portfolio Technologies:
  • Certificate Lifecycle Management (CLM) – Venafi; Internal PKI (ACDS); Entrust
  • Data in Motion Encryption – Gemalto HSM; FutureX HSM; Azure Key Vault
  • Data at Rest Encryption – Protegrity; Gemalto File Protect & Protect V; Symantec Desktop & Universal Gateway

Auto Req. ID770726BR
Employment CategoryDigital & Information Technology
Job LevelManager without Direct Reports
Location Number940040-105-IDAM
Address7601 Penn Avenue South


Clicking on the following button will update the content below