
Posted 13 days ago
No clicks
**Senior Digital Assets Engineer** at Fidelity. Design, integrate, and manage secure cryptographic infrastructure. Leverage AWS, KMS, encryption, HSMs, and containerized workloads. 6+ years in distributed systems, 2+ in KMS experience. Collaborate cross-functionally to create secure key lifecycle management and encryption controls.
- Compensation
- Not specified
- City
- Not specified
- Country
- Not specified
Currency: Not specified
Full Job Description
Job Description:
Note: Fidelity will not provide immigration sponsorship for this position
The Role
We are seeking a highly motivated cybersecurity engineer with a strong focus on key management, encryption technologies, and hardware-backed security solutions who can make an immediate impact. The ideal candidate is curious, ownership-driven, and thrives in a collaborative, knowledge-sharing environment.
The Digital Asset Security Operations team within Fidelity Enterprise Cybersecurity (ECS) is responsible for securing missioncritical platforms that power cryptocurrency and blockchain services. This role sits at the intersection of modern cryptographic systems, cloud-native architecture, and secure infrastructure engineering, with deep exposure to encryption platforms, Hardware Security Modules (HSMs), and containerized workloads in AWS.
You will work closely with cybersecurity, risk, and development teams to design, implement, and operate secure key lifecycle management systems and encryption controls across on-premises infrastructure and distributed cloud-native environments.
The Expertise and Skills You Bring
Bachelors degree in Computer Science or a related technical discipline
6+ years of experience in distributed systems engineering, security engineering, or platform operations
2+ years of hands-on experience with:
Enterprise Key Management Systems (KMS)
Encryption technologies (data-at-rest, data-in-transit, and data-in-use)
Secure API design and cryptographic service integration
Experience with Hardware Security Modules (HSMs) for secure key generation, storage, and cryptographic operations (strongly preferred)
12 years of experience working with cloud-native environments, including:
AWS (e.g., KMS, Nitro Enclaves, IAM, VPC security)
Kubernetes (EKS) and containerized workloads
Strong understanding of cryptographic principles including:
Symmetric/asymmetric encryption
Key exchange, signing, and PKI concepts
Experience securing and hardening Linux and Windows systems, with focus on encryption, identity, and access control
Practical experience with:
Containers & orchestration (Docker/Kubernetes)
CI/CD pipelines (GitHub, Jenkins, Artifactory)
Infrastructure as Code / automation scripting (Python, Bash, PowerShell, Ansible)
Familiarity with secrets management, certificate lifecycle management, and secure workload identity
Strong analytical and troubleshooting skills in complex distributed systems
Experience working in Agile environments within large enterprises
The Value You Deliver
Contribute to the design and operation of secure cryptographic infrastructure supporting Fidelitys digital asset and blockchain platforms
Build, integrate, and maintain enterprise key management and encryption solutions, leveraging:
AWS-native services (KMS, IAM, Nitro-based isolation)
HSM-backed security controls
Support secure containerized applications running in Kubernetes by implementing:
Secrets management
Encryption enforcement
Workload identity and access control
Engineer and operate secure CI/CD pipelines to ensure trusted software delivery with integrated cryptographic controls
Perform security engineering and operational support across distributed cloud environments, including:
On call responsibilities
Incident, change, and release management
Monitoring, logging, and audit integration for cryptographic systems
Design and implement end-to-end encryption strategies:
Data protection across APIs, services, and storage layers
Secure communication channels within microservices architectures
Evaluate and prototype emerging technologies in:
Confidential computing (e.g., enclaves)
Advanced encryption and key protection mechanisms
Define and enforce security controls and policies across:
Systems, containers, and network layers
Authentication, authorization, and access governance
Fidelitys Onsite Working Model
Fidelity is transitioning to a full-time onsite working model through a phased rollout across regions and roles. Currently, some roles and locations require 100% onsite presence, while others require less. Onsite expectations are likely to evolve as the rollout continues. This transition does not apply to fully remote roles.
Certifications:
Category:
Information TechnologyPlease be advised that Fidelitys business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.
Apply
All fields are required.
Benefits that balance life and work
From our fully paid parent leave to our on-site health and wellness centers, our benefits support the belief that more balance you have, the better you can achieve your goals.
Company overview
Company overview
At Fidelity, we are passionate about making our financial expertise broadly accessible and effective in helping people live the lives they want. We are a privately held company that places a high degree of value in creating and nurturing a work environment that attracts the best talent and reflects our commitment to our associates. We are proud of our diverse and inclusive workplace where we respect and value our associates for their unique perspectives and experience.
Reasonable accommodations
Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation contact the HR Accommodation Team by sending an email to accommodations@fmr.com, or by calling 800-835-5099, prompt 2, option 3.
Equal opportunity employer
Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop, and retain a diverse workforce is to build an enduring culture of inclusion and belonging.
Applicant screening
At Fidelity, we value honesty, integrity, and the safety of our associates and customers within a heavily regulated industry. Certain roles may require candidates to go through a preliminary credit check during the screening process. Candidates who are presented with a Fidelity offer will need to go through a background investigation and may be asked to provide additional documentation as requested. This investigation includes but is not limited to a criminal, civil litigations and regulatory review, employment, education, and credit review (role dependent). These investigations will account for 7 years or more of history, depending on the role. Where permitted by federal or state law, Fidelity will also conduct a pre-employment drug screen, which will review for the following substances: Amphetamines, THC (marijuana), cocaine, opiates, phencyclidine.
AI Guidelines
Learn about our guidelines for use of AI when applying for a Fidelity job




