LOG IN
SIGN UP
Canary Wharfian - Online Investment Banking & Finance Community.
Sign In
or continue with e-mail and password
Forgot password?
Don't have an account?
Create an account
or continue with e-mail and password
By signing up, you agree to our Terms & Conditions and Privacy Policy.

Senior Digital Assets Engineer

ExperiencedVisa sponsorship available
Fidelity Investments logo

at Fidelity Investments

Asset Management

Posted 13 days ago

No clicks

**Senior Digital Assets Engineer** at Fidelity. Design, integrate, and manage secure cryptographic infrastructure. Leverage AWS, KMS, encryption, HSMs, and containerized workloads. 6+ years in distributed systems, 2+ in KMS experience. Collaborate cross-functionally to create secure key lifecycle management and encryption controls.

Compensation
Not specified

Currency: Not specified

City
Not specified
Country
Not specified

Full Job Description

Job Description:

Note: Fidelity will not provide immigration sponsorship for this position

The Role

We are seeking a highly motivated cybersecurity engineer with a strong focus on key management, encryption technologies, and hardware-backed security solutions who can make an immediate impact. The ideal candidate is curious, ownership-driven, and thrives in a collaborative, knowledge-sharing environment.

The Digital Asset Security Operations team within Fidelity Enterprise Cybersecurity (ECS) is responsible for securing missioncritical platforms that power cryptocurrency and blockchain services. This role sits at the intersection of modern cryptographic systems, cloud-native architecture, and secure infrastructure engineering, with deep exposure to encryption platforms, Hardware Security Modules (HSMs), and containerized workloads in AWS.

You will work closely with cybersecurity, risk, and development teams to design, implement, and operate secure key lifecycle management systems and encryption controls across on-premises infrastructure and distributed cloud-native environments.


The Expertise and Skills You Bring

  • Bachelors degree in Computer Science or a related technical discipline

  • 6+ years of experience in distributed systems engineering, security engineering, or platform operations

  • 2+ years of hands-on experience with:

    • Enterprise Key Management Systems (KMS)

    • Encryption technologies (data-at-rest, data-in-transit, and data-in-use)

    • Secure API design and cryptographic service integration

  • Experience with Hardware Security Modules (HSMs) for secure key generation, storage, and cryptographic operations (strongly preferred)

  • 12 years of experience working with cloud-native environments, including:

    • AWS (e.g., KMS, Nitro Enclaves, IAM, VPC security)

    • Kubernetes (EKS) and containerized workloads

  • Strong understanding of cryptographic principles including:

    • Symmetric/asymmetric encryption

    • Key exchange, signing, and PKI concepts

  • Experience securing and hardening Linux and Windows systems, with focus on encryption, identity, and access control

  • Practical experience with:

    • Containers & orchestration (Docker/Kubernetes)

    • CI/CD pipelines (GitHub, Jenkins, Artifactory)

    • Infrastructure as Code / automation scripting (Python, Bash, PowerShell, Ansible)

  • Familiarity with secrets management, certificate lifecycle management, and secure workload identity

  • Strong analytical and troubleshooting skills in complex distributed systems

  • Experience working in Agile environments within large enterprises

The Value You Deliver

  • Contribute to the design and operation of secure cryptographic infrastructure supporting Fidelitys digital asset and blockchain platforms

  • Build, integrate, and maintain enterprise key management and encryption solutions, leveraging:

    • AWS-native services (KMS, IAM, Nitro-based isolation)

    • HSM-backed security controls

  • Support secure containerized applications running in Kubernetes by implementing:

    • Secrets management

    • Encryption enforcement

    • Workload identity and access control

  • Engineer and operate secure CI/CD pipelines to ensure trusted software delivery with integrated cryptographic controls

  • Perform security engineering and operational support across distributed cloud environments, including:

    • On call responsibilities

    • Incident, change, and release management

    • Monitoring, logging, and audit integration for cryptographic systems

  • Design and implement end-to-end encryption strategies:

    • Data protection across APIs, services, and storage layers

    • Secure communication channels within microservices architectures

  • Evaluate and prototype emerging technologies in:

    • Confidential computing (e.g., enclaves)

    • Advanced encryption and key protection mechanisms

  • Define and enforce security controls and policies across:

    • Systems, containers, and network layers

    • Authentication, authorization, and access governance

Fidelitys Onsite Working Model
Fidelity is transitioning to a full-time onsite working model through a phased rollout across regions and roles. Currently, some roles and locations require 100% onsite presence, while others require less. Onsite expectations are likely to evolve as the rollout continues. This transition does not apply to fully remote roles.

Certifications:

Category:

Information Technology

Please be advised that Fidelitys business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Apply

All fields are required.

Benefits that balance life and work

From our fully paid parent leave to our on-site health and wellness centers, our benefits support the belief that more balance you have, the better you can achieve your goals.

Benefits

Company overview

Company overview 

At Fidelity, we are passionate about making our financial expertise broadly accessible and effective in helping people live the lives they want. We are a privately held company that places a high degree of value in creating and nurturing a work environment that attracts the best talent and reflects our commitment to our associates. We are proud of our diverse and inclusive workplace where we respect and value our associates for their unique perspectives and experience. 

Reasonable accommodations

Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation contact the HR Accommodation Team by sending an email to accommodations@fmr.com, or by calling 800-835-5099, prompt 2, option 3.

Equal opportunity employer

Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop, and retain a diverse workforce is to build an enduring culture of inclusion and belonging.

Applicant screening

At Fidelity, we value honesty, integrity, and the safety of our associates and customers within a heavily regulated industry. Certain roles may require candidates to go through a preliminary credit check during the screening process. Candidates who are presented with a Fidelity offer will need to go through a background investigation and may be asked to provide additional documentation as requested. This investigation includes but is not limited to a criminal, civil litigations and regulatory review, employment, education, and credit review (role dependent). These investigations will account for 7 years or more of history, depending on the role. Where permitted by federal or state law, Fidelity will also conduct a pre-employment drug screen, which will review for the following substances: Amphetamines, THC (marijuana), cocaine, opiates, phencyclidine.

AI Guidelines

Learn about our guidelines for use of AI when applying for a Fidelity job

Return to job search

Senior Digital Assets Engineer

Compensation

Not specified

City: Not specified

Country: Not specified

Fidelity Investments logo
Asset Management

13 days ago

No clicks

at Fidelity Investments

ExperiencedVisa sponsorship available

**Senior Digital Assets Engineer** at Fidelity. Design, integrate, and manage secure cryptographic infrastructure. Leverage AWS, KMS, encryption, HSMs, and containerized workloads. 6+ years in distributed systems, 2+ in KMS experience. Collaborate cross-functionally to create secure key lifecycle management and encryption controls.

Full Job Description

Job Description:

Note: Fidelity will not provide immigration sponsorship for this position

The Role

We are seeking a highly motivated cybersecurity engineer with a strong focus on key management, encryption technologies, and hardware-backed security solutions who can make an immediate impact. The ideal candidate is curious, ownership-driven, and thrives in a collaborative, knowledge-sharing environment.

The Digital Asset Security Operations team within Fidelity Enterprise Cybersecurity (ECS) is responsible for securing missioncritical platforms that power cryptocurrency and blockchain services. This role sits at the intersection of modern cryptographic systems, cloud-native architecture, and secure infrastructure engineering, with deep exposure to encryption platforms, Hardware Security Modules (HSMs), and containerized workloads in AWS.

You will work closely with cybersecurity, risk, and development teams to design, implement, and operate secure key lifecycle management systems and encryption controls across on-premises infrastructure and distributed cloud-native environments.


The Expertise and Skills You Bring

  • Bachelors degree in Computer Science or a related technical discipline

  • 6+ years of experience in distributed systems engineering, security engineering, or platform operations

  • 2+ years of hands-on experience with:

    • Enterprise Key Management Systems (KMS)

    • Encryption technologies (data-at-rest, data-in-transit, and data-in-use)

    • Secure API design and cryptographic service integration

  • Experience with Hardware Security Modules (HSMs) for secure key generation, storage, and cryptographic operations (strongly preferred)

  • 12 years of experience working with cloud-native environments, including:

    • AWS (e.g., KMS, Nitro Enclaves, IAM, VPC security)

    • Kubernetes (EKS) and containerized workloads

  • Strong understanding of cryptographic principles including:

    • Symmetric/asymmetric encryption

    • Key exchange, signing, and PKI concepts

  • Experience securing and hardening Linux and Windows systems, with focus on encryption, identity, and access control

  • Practical experience with:

    • Containers & orchestration (Docker/Kubernetes)

    • CI/CD pipelines (GitHub, Jenkins, Artifactory)

    • Infrastructure as Code / automation scripting (Python, Bash, PowerShell, Ansible)

  • Familiarity with secrets management, certificate lifecycle management, and secure workload identity

  • Strong analytical and troubleshooting skills in complex distributed systems

  • Experience working in Agile environments within large enterprises

The Value You Deliver

  • Contribute to the design and operation of secure cryptographic infrastructure supporting Fidelitys digital asset and blockchain platforms

  • Build, integrate, and maintain enterprise key management and encryption solutions, leveraging:

    • AWS-native services (KMS, IAM, Nitro-based isolation)

    • HSM-backed security controls

  • Support secure containerized applications running in Kubernetes by implementing:

    • Secrets management

    • Encryption enforcement

    • Workload identity and access control

  • Engineer and operate secure CI/CD pipelines to ensure trusted software delivery with integrated cryptographic controls

  • Perform security engineering and operational support across distributed cloud environments, including:

    • On call responsibilities

    • Incident, change, and release management

    • Monitoring, logging, and audit integration for cryptographic systems

  • Design and implement end-to-end encryption strategies:

    • Data protection across APIs, services, and storage layers

    • Secure communication channels within microservices architectures

  • Evaluate and prototype emerging technologies in:

    • Confidential computing (e.g., enclaves)

    • Advanced encryption and key protection mechanisms

  • Define and enforce security controls and policies across:

    • Systems, containers, and network layers

    • Authentication, authorization, and access governance

Fidelitys Onsite Working Model
Fidelity is transitioning to a full-time onsite working model through a phased rollout across regions and roles. Currently, some roles and locations require 100% onsite presence, while others require less. Onsite expectations are likely to evolve as the rollout continues. This transition does not apply to fully remote roles.

Certifications:

Category:

Information Technology

Please be advised that Fidelitys business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Apply

All fields are required.

Benefits that balance life and work

From our fully paid parent leave to our on-site health and wellness centers, our benefits support the belief that more balance you have, the better you can achieve your goals.

Benefits

Company overview

Company overview 

At Fidelity, we are passionate about making our financial expertise broadly accessible and effective in helping people live the lives they want. We are a privately held company that places a high degree of value in creating and nurturing a work environment that attracts the best talent and reflects our commitment to our associates. We are proud of our diverse and inclusive workplace where we respect and value our associates for their unique perspectives and experience. 

Reasonable accommodations

Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation contact the HR Accommodation Team by sending an email to accommodations@fmr.com, or by calling 800-835-5099, prompt 2, option 3.

Equal opportunity employer

Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop, and retain a diverse workforce is to build an enduring culture of inclusion and belonging.

Applicant screening

At Fidelity, we value honesty, integrity, and the safety of our associates and customers within a heavily regulated industry. Certain roles may require candidates to go through a preliminary credit check during the screening process. Candidates who are presented with a Fidelity offer will need to go through a background investigation and may be asked to provide additional documentation as requested. This investigation includes but is not limited to a criminal, civil litigations and regulatory review, employment, education, and credit review (role dependent). These investigations will account for 7 years or more of history, depending on the role. Where permitted by federal or state law, Fidelity will also conduct a pre-employment drug screen, which will review for the following substances: Amphetamines, THC (marijuana), cocaine, opiates, phencyclidine.

AI Guidelines

Learn about our guidelines for use of AI when applying for a Fidelity job

Return to job search