We’re seeking someone to join our PKI and Secrets Management team as a Cryptography Infrastructure Engineer with a strong focus on both engineering and operations in Data Protection Services department to design, implement, and support enterprise cryptographic solutions, including Public Key Infrastructure (PKI), Hardware Security Modules (HSM), certificate lifecycle and secrets management tools.
What you’ll do in the role:
- Communicate regularly with product leads across the organization and discuss opportunities for improvement to existing and future technology solutions.
- Design, implement, and maintain enterprise cryptographic infrastructure, including PKI, HSMs, and certificate management platforms.
- Manage the full certificate lifecycle (issuance, renewal, revocation, and deployment) to ensure security, availability, and compliance.
- Engineer and support secure key management solutions leveraging HSMs, including key generation, storage, rotation, and backup.
- Monitor and operate cryptographic services in a 24/7 environment (on call rotations), ensuring high availability, incident response, and performance optimization.
- Automate certificate and key management processes to reduce manual effort and minimize operational risk.
- Collaborate with application, infrastructure, and security teams to integrate cryptographic controls into enterprise systems and cloud environments.
- Support the evaluation, design, and adoption of Post-Quantum Cryptography (PQC) capabilities, including PQC.
- Enabled PKI environments, crypto-agility strategies and transition planning.
What you’ll bring to the role:
- Ability to effectively manage multiple functions and initiatives.
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, a related field, or equivalent experience.
- 5+ years of hands‑on experience in cybersecurity engineering or operations, with exposure to cryptographic services (PKI, HSMs, certificate management).
- Strong understanding of cryptographic principles, protocols, and standards (e.g., TLS, X.509, key exchange, encryption algorithms).
- Proven experience managing PKI environments and certificate lifecycle tools in enterprise and/or cloud environments.
- Hands‑on experience with HSM technologies and key management practices, including secure key generation, storage, rotation, and backup.
- Familiarity with automation and scripting (e.g., Python, PowerShell, or similar) to streamline certificate and key management processes.
- Knowledge of emerging cryptographic trends, including Post‑Quantum Cryptography (PQC) and crypto‑agility concepts; relevant certifications such as CISSP, CISM, or vendor‑specific PKI/HSM certifications are preferred.
Certified Persons Regulatory Requirements
If this role is deemed a Certified role and may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks.
Flexible Work Statement
Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.
Equal Opportunity Employer Statement
Morgan Stanley is an equal opportunity employer committed to building and maintaining a workforce that is diverse in experience and background. Our recruiting efforts reflect our strong commitment to a culture of inclusion, where individuals are hired, developed, and advanced based on their skills and talents.
EEO Statement
Our workforce reflects a broad cross‑section of the global communities in which we operate, bringing a variety of backgrounds, talents, perspectives, and experiences.
For more information, please visit: https://www.morganstanley.com/people-opportunities/eeo.
#J-18808-Ljbffr…