HealthEquityRemote
Sr Security Engineer
United States of America
Full Time
3 weeks ago
$110,000 - $176,000 USD
H1B Sponsor Likely
Key skills
SQLAzureVaultMySQLOracleSQL ServerLeadership
About this role
HealthEquity is dedicated to empowering healthcare consumers and is building a new data security engineering team. The Senior Security Engineer will be responsible for cryptographic architecture and key management to protect sensitive data across various databases and file shares.
Responsibilities:
- Own the cryptographic architecture for protecting sensitive data across databases and file shares
- Design and implement encryption and tokenization strategies
- Define and implement key management and vaulting patterns, including key generation, storage, rotation, revocation, backup, and recovery
- Integrate certificate-based authentication and PKI workflows for services and applications
- Evaluate database-level vs application-level cryptography, including column-level protection when appropriate
- Partner with DBAs, developers, architects, and security leaders to deliver secure, supportable solutions
- Assess performance and latency impacts of cryptographic controls and design mitigations
- Establish standards, guardrails, runbooks, and operational processes
- Provide technical leadership and mentorship to help teams avoid common cryptography pitfalls
Requirements:
- Bachelor's degree in Computer Science, Information Systems, or equivalent hands-on experience
- Deep, hands-on cryptography experience applied in real production systems
- Proven experience implementing encryption and or tokenization, including key management considerations
- Strong knowledge of HSM concepts, certificate-based authentication, and vaulting patterns
- Experience influencing senior DBAs, developers, and architects
- Comfort operating in ambiguity and building programs from the ground up
- Experience with HashiCorp Vault and or Thales encryption and key management solutions
- Experience integrating HSM-backed or enterprise key management platforms
- Familiarity with SQL Server, MySQL, and Oracle, including encryption impacts and constraints
- Cloud experience, especially Azure, and securing cloud-hosted applications and services