Lead Infrastructure Security Engineer, Data at Rest Encryption
Columbus, North Carolina, United States of America
Full Time
4 hours ago
$119,000 - $187,000 USD
Visa Sponsor
Key skills
AnsibleLinuxNFSRisk ManagementChange Management
About this role
Role Overview
- Focus on delivering commitments aligned to enterprise strategic priorities
- Build support for strategies with business and technology leaders
- Guide development of actionable roadmaps and plans
- Identify opportunities and strategies for continuous improvement of product delivery practices
- Set risk management guidelines and partner with stakeholders to implement key risk initiatives
- Collaborate and influence all levels of professionals including more experienced managers
- Interface with external agencies, regulatory bodies, or industry forums
- Interpret and develop range of policies and procedures for functions with moderate to higher complexity and risk
- Lead efforts to facilitate / manage projects, products, strategic plans and execute other operational aspects on behalf of leader
- Lead efforts to define / manage required business plans (i.e. draft proposals & plans) and support related initiatives across products – including analyzing & identifying opportunities for efficiencies and innovation across internal processes and the tools to support
- Support the product line general manager to solve problems, manage disputes and deal with any issues impacting the TI organization.
Requirements
- 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
- Hands-on experience designing, deploying, and operating Thales CipherTrust Transparent Encryption (CTE) for unstructured data at rest, including file, folder, and volume-level encryption
- Deep understanding of CTE agent architecture, GuardPoints, policies, and In-Place / Live Data Transformation (IDT/LDT) concepts and trade-offs
- Proven experience administering CipherTrust Manager (formerly DSM/Vormetric) for: Centralized key lifecycle management, Policy enforcement and Audit and access logging
- Strong engineering experience with Linux (RHEL, SLES), Windows, and AIX in enterprise environments
- Practical knowledge of supported file systems (e.g., ext3/ext4, NTFS, NFS, raw disk encryption scenarios) and their interaction with CTE agents
- Ability to assess kernel compatibility, AES-NI requirements, and host readiness prior to encryption enablement
- Strong understanding of data-at-rest encryption principles, including: Threat models beyond disk theft (privileged user access, data exfiltration), Why file/folder-level encryption is required in addition to disk encryption, Knowledge of AES-256 encryption, hardware acceleration (AES-NI), and performance considerations in high-IO workloads
- Experience operating encryption solutions in regulated environments
- Experience deploying and managing CTE agents using automation frameworks (e.g., Ansible) rather than manual installs
- Ability to design repeatable, scalable onboarding patterns for thousands of hosts and large NAS environments
- Familiarity with change management constraints (reboots, maintenance windows, encryption sequencing) in production systems
Tech Stack
- Ansible
- Linux
- NFS
Benefits
- Health benefits
- 401(k) Plan
- Paid time off
- Disability benefits
- Life insurance, critical illness insurance, and accident insurance
- Parental leave
- Critical caregiving leave
- Discounts and savings
- Commuter benefits
- Tuition reimbursement
- Scholarships for dependent children
- Adoption reimbursement