Senior Encryption Engineer

Overview

Texas Capital Bank is built to help businesses and their leaders. Our depth of knowledge and expertise allows us to bring the best of the big banks at a scale that makes sense for our clients, with highly experienced bankers who truly invest in people’s success — today and tomorrow.

While we are rooted in core financial products, we are differentiated by our approach. Our bankers are seasoned financial experts who possess deep experience across a multitude of industries. Equally important, they bring commitment — investing the time and resources to understand our clients’ immediate needs, identify market opportunities and meet long-term objectives. At Texas Capital Bank, we do more than build business success. We build long-lasting relationships.Headquartered in Dallas, Texas Capital Bank has offices in Austin, Fort Worth, Houston, Richardson, Plano and San Antonio. We serve clients across the nation in a variety of industries. For more information about joining our team, visit texascapitalbank.com.

Brief Overview of Position

The Senior Encryption Engineer leads first line of defense Information Security services around data protection security and related matters. They review, design and develop security operational processes, standards, and procedures utilizing current and new technologies to improve security controls and business performance.  The Senior Encryption Engineer will coordinate with internal teams to implement data security solutions and improve security that is aligned with corporate business objectives and regulatory requirements.  

Responsibilities

• Subject Matter Expertise - Lead the design, implementation, and maintenance of enterprise encryption program/services solutions to business areas, project teams and vendors to apply and execute appropriate use of technology solutions and leads efforts to examine technology vision, opportunities, and challenges with regard to security standards and the impact of the technology. Create technical detailed implementation plan for desired state


• Security Trends - Evaluate and understand current state of enterprise encryption capabilities/services. Continually works to enhance breadth and depth of knowledge and experience. Monitors and anticipates trends and investigates organizational objectives and needs.


• Reporting -Create and maintain operational documentation and reports to support monthly trend analysis as well as project components


• Business As Usual - Implement and monitor all online PKI server components, monitor, and troubleshoot PKI logs for errors and warnings and perform daily health-checks for PKI solution platforms. Will also be responsible for the day-to-day management and oversight on all on prem and cloud key management platforms to preserve separation of duty with teams leveraging symmetric, asymmetric keys and certificates.


• Vendor/Tool Selection – Leads the research, evaluation, proof-of-concept, selection, and implementation of technology solutions. Provides detailed analysis of pros and cons and build vs buy options.


• Process Improvement - Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and value delivered to customers. Perform gap analysis between current state and desired state of enterprise encryption program/services and document findings


• Incident Response – Is involved in security incident response activities and post-event reviews of security incidents.

The duties listed above are the essential functions, or fundamental duties within the job classification.  The essential functions of individual positions within the classification may differ.  Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.

Qualifications

• 2 years of operational experience is required; must have implemented and managed PKI, Key Management systems, Data Masking platforms, HSMs and other cryptographic technology platforms. Must possess strong technical knowledge of cryptographic platform architecture, system policies, rules, etc


• Understanding of concepts involving Hardware Security Modules (HSM), Enterprise Key Management, applying Encryption at various levels of granularity


• Ability to understand requirements and problem-sets and design solutions to address their PKI or encryption needs


• Experience with multiple CA (certificate authority) vendors and platforms


• Experience with installing and configuring certificates in multiple application types


• Familiarity with AWS, AWS Cloud HSM, AWS Certificate Manager (ACM), AWS Key Management Solution (KMS)AWS Private Certificate Authority (ACM PCA), Azure Electronic Key Management (EKM) Microsoft two or three tier PKI, managed PKI services


• Experience with multiple cryptographic algorithms and cipher suites as well as up to date on deprecated algorithms for decommissioning.


• Strong verbal and written communications skills; must be able to effectively communicate technical details and thoughts in non-technical/general terminology to various levels of the organization.


• Knowledge of Data Security best practices and security solutions


• Knowledge in a cloud-based environment (Azure, AWS, GCP)


• Knowledge of common technologies, enterprise and network architecture


• Understanding of:
  
  
  
  • Modern security tools and controls
  
  
  • Programming languages or other scripting languages
  
  
  • Financial industry regulations such as GLBA, PCI, and SOX
  
  


• Knowledge of or demonstrated experience with defense in depth, trust levels, privileges and permissions


• Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience preferred


• Base Technology or Security certification (CISSP, CompTIA Security , CCENT, CCNA, MCSA, etc) preferred