Cybersecurity Engineer (Cryptography)

We’re seeking a Cybersecurity Engineer to join our PKI and Secrets Management team. The role focuses on engineering and operations in the Data Protection Services department to design, implement, and support enterprise cryptographic solutions such as PKI, HSMs, certificate and secrets management tools.

What You’ll Do

• Communicate regularly with product leads across the organization and discuss opportunities for improvement to existing and future technology solutions.
• Design, implement, and maintain enterprise cryptographic infrastructure, including PKI, HSMs, and certificate management platforms.
• Manage the full certificate lifecycle (issuance, renewal, revocation, and deployment) to ensure security, availability, and compliance.
• Engineer and support secure key management solutions leveraging HSMs, including key generation, storage, rotation, and backup.
• Monitor and operate cryptographic services in a 24/7 environment (on call rotations), ensuring high availability, incident response, and performance optimization.
• Automate certificate and key management processes to reduce manual effort and minimize operational risk.
• Collaborate with application, infrastructure, and security teams to integrate cryptographic controls into enterprise systems and cloud environments.
• Support the evaluation, design, and adoption of Post‑Quantum Cryptography (PQC) capabilities.
• Enable PKI environments, crypto‑agility strategies and transition planning.

What You’ll Bring

• Ability to effectively manage multiple functions and initiatives.
• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, a related field, or equivalent experience.
• 5+ years of hands‑on experience in cybersecurity engineering or operations, with exposure to cryptographic services (PKI, HSMs, certificate management).
• Strong understanding of cryptographic principles, protocols, and standards (e.g., TLS, X.509, key exchange, encryption algorithms).
• Proven experience managing PKI environments and certificate lifecycle tools in enterprise and/or cloud environments.
• Hands‑on experience with HSM technologies and key management practices, including secure key generation, storage, rotation, and backup.
• Familiarity with automation and scripting (e.g., Python, PowerShell, or similar) to streamline certificate and key management processes.
• Knowledge of emerging cryptographic trends, including Post‑Quantum Cryptography (PQC) and crypto‑agility concepts; relevant certifications such as CISSP, CISM, or vendor‑specific PKI/HSM certifications are preferred.

Morgan Stanley is an equal opportunity employer committed to building and maintaining a workforce that is diverse in experience and background. Our recruiting efforts reflect our strong commitment to a culture of inclusion, where individuals are hired, developed, and advanced based on their skills and talents. For more information, please visit: https://www.morganstanley.com/people-opportunities/eeo.

#J-18808-Ljbffr…