HealthEquity is dedicated to saving and improving lives by empowering healthcare consumers. They are seeking a Sr Encryption & Data Protection Engineer to design and implement security controls to protect member and partner data, while collaborating closely with development teams.
Responsibilities:
- Cryptography Specialist: Deep hands-on experience with key management, HSMs, certificate lifecycle, and enterprise vaulting. Comfortable with products such as HashiCorp Vault or Thales, and with performance tradeoffs in real production systems
- Database and Product Security Engineer: Strong background in database development or administration and application development. Skilled at implementing encryption or tokenization end to end and coaching teams through integration and troubleshooting
- Design, build, and operate cryptographic services to protect data at rest and in use across databases, file shares, and applications
- Implement encryption, tokenization, and secrets management patterns, integrating them into app and data pipelines with minimal friction
- Guide engineering teams through connection string updates, certificate-based authentication, HSM-backed key operations, and column-level encryption
- Establish reference implementations, SDKs, and runbooks that make secure-by-default the easiest path for product and data teams
- Evaluate and integrate data discovery and classification tooling to find and reduce exposure of sensitive data across diverse environments
- Lead security risk assessments for on-prem and cloud data services and translate findings into pragmatic, measurable engineering work
- Instrument and publish program metrics and dashboards that show adoption, coverage, and control effectiveness for senior leadership
- Present recommendations clearly to senior leaders and mentor engineers and DBAs on best practices
- Contribute to security as a service, offering patterns, paved roads, and consultative guidance to partner teams
Requirements:
- Bachelor's degree in Computer Science, Information Systems, or a related technical field — or equivalent hands-on experience
- 6+ years in security or platform engineering with proven success delivering data protection solutions at scale across both legacy and cloud environments
- Practical experience implementing encryption or tokenization for production applications and databases, including managing performance and latency trade-offs
- Hands-on with some of the following: HashiCorp Vault, Thales, HSMs, certificate-based authentication, mTLS, secrets management, FPE, and tokenization
- Strong database expertise in SQL Server, MySQL, or Oracle
- Expertise in at least one modern language (C# or Java)
- Scripting with PowerShell or Python
- Azure expertise, including secure use of cloud-native services and identity; familiarity with column-level encryption and key rotation
- Security framework knowledge of NIST CSF, ISO 27001, and CIS Controls, applied pragmatically to engineering decisions
- Excellent communication and influencing skills — able to partner effectively with DBAs, developers, architects, and senior leaders
- CISSP, CISM, CCSP, or OSCP certifications are valued but not required. We prioritize hands-on impact over badges
- Experience building BI dashboards for program metrics (Power BI or Tableau)
- Agile/Scrum experience
- Consulting or advisory background