Principal, Infrastructure Engineer (Unix, Security, PKI, Cryptography, Authentication)

Architecture, Middleware, Web, Security, Management, Engineer, Engineering, Linux, Windows, Hardware, IT, Application, Development, Quality, Testing, TCP, IP, HTTP, UNIX, Bash, Python, Java, Encryption, Manager
Full Time

Job Description

Overview

Our Team

Technology Services Group (TSG) is the technology enabler for our firm. Our services provide a strong, resilient, and stable platform to host business processes while enabling innovation.

We are a global team that provides all infrastructure, end user computing and production support services. Our goal is to provide reliable, resilient, next-generation enterprise technology infrastructure and support that enables BNY Mellon employees to deliver client commitments and business solutions around the world.

Our TSG Architecture Infrastructure and Middleware (AIM) team provides high level of automation and self-service across the firm-s technology footprint while developing products to deliver world class messaging, cloud, and security components to our firm. Our team-s focus is to engineer solutions to improve the technology infrastructure moving from a highly manual current state to a tightly controlled automated state. AIM is comprised of 7 core services - Messaging, Web Authentication, Platform Security, App Engine, Discovery Services, Storefront and Responsibility Management and Entitlements (RME).

The Role

We are seeking an Infrastructure Engineer to join our Security Engineering team. We work on authentication, authorization, and data security for web applications, Linux, and Windows systems across our data centers. Our systems secure nearly a quarter of the global economy and we continue to invest in uplifting the technologies that underpin our private cloud and public clouds.

We're building our security services to enable engineering and operational efficiencies in our datacenters and public cloud. Our team uses many technologies to enable innovation for our business. It is our goal to build enterprise scale solutions that are cryptographically secure, based on open standards and industry best practices.

Responsibilities:
  • Responsible for design, development and operationalization of enterprise scale security services.
  • Job involves technical hands-on engineering and management of Hardware Security Modules (HSMs), public key infrastructure (PKI)/digital certificates, data at rest encryption, key management services, and RSA SecurID authentication.
  • Candidate should be able to troubleshoot and debug issues in a fast-paced environment in a timely manner.
  • Responsibilities include writing utility tools to help automate repetitive tasks.
  • Job responsibility also includes customizing reports for audit and recertifications; and intergration with firm standard re-certification and review systems


This person is a subject matter expert in several of the tools/technologies used in the space. Leads the development infrastructure engineering growth strategies and initiatives. Leads initiatives to analyze complex infrastructure problems to be solved with advanced design. Leads the evaluation of the effectiveness of the organization's existing infrastructure technology and tools. Analyzes trends to develop strategy for the implementation of upgrades that will enhance the reliability, Resiliency and efficiency of the IT infrastructure. Provides leadership to execute project plans and performance requirements for all stages/phases through the management of human capital resources. This person is a subject matter expert in at least one of the tools/techologies used in the space. Participates in or leads initiatives to analyze infrastructure problems to be solved with advanced design. Utilizes standard procedures and policies when selecting methods, techniques, and evaluation criteria for obtaining results. Participates in or leads initiatives to analyze infrastructure problems to be solved with advanced design. Utilizes standard procedures and policies when selecting methods, techniques, and evaluation criteria for obtaining results. Manages the processes for ensuring that all systems/applications/software/hardware are compliant with Corporate policy/procedures. Monitors project plans and budgets. Works closely with external vendors, internal partners and busienss teams to provide infrastructure/tool needs. Works with Application Development and Quality Assurance, Testing and Business teams to understand infrastructure needs during the development, testing and production BAU processes. Ensures these needs are taken into account when developing infrastructure. Acts as escalation point for major incidents. Leads strategy to increase automation across the organization. Contributes to the achievement of multiple teams' objectives Bachelor's degree in computer science or a related discipline, or equivalent work experience required; advanced degree preferred 10-12 years of related experience required; experience in the securities or financial services industry is a plus

Bachelor's degree in computer science or a related discipline, or equivalent work experience required; advanced degree preferred 10-12 years of related experience required; experience in the securities or financial services industry is a plus
  • A track record of successful engineering, deployment, and management of cryptography services and/or multi-factor/second factor authentication services.
  • Expertise and deep understanding of public key infrastructure (PKI)/digital certificates, cryptography, authentication, DNS sub-systems, TCP/IP, DHCP, HTTP/HTTPS.
  • Ability to multi-task and context switch between various products and services.
  • Ability to analyze system performance and capacity metrics and tune systems primarily in Linux/UNIX.
  • Proficient scripting skills using Bash, Powershell, Python, Java, or similar technologies.

Preferred:
  • Experience with public key infrastructure (PKI)/digital certificates, Thales Hardware Security Modules (HSM), Vormetric Transparent Encryption (VTE), CipherTrust Key Manager (CKM), HashiCorp Vault, RSA SecurID, or similar products.
  • Cloud experience
  • Understanding of methods to enforce least privilege and just enough access to platforms and services
Dice Id : 91003102
Position Id : 2114354-OTHLOC-100000153158365
Originally Posted : 2 months ago
Have a Job? Post it

Similar Positions

Senior Specialist, Infrastructure Engineer
  • BNY Mellon Corporation
  • Pittsburgh, PA, USA
Infrastructure Operations Security Analyst (RSA/Cryptography)
  • BNY Mellon Corporation
  • Pittsburgh, PA, USA
Principal, Infrastructure Operations (Privileged Access Management,
  • BNY Mellon Corporation
  • Pittsburgh, PA, USA
Sr. Principal, Full-Stack Developer
  • BNY Mellon Corporation
  • Pittsburgh, PA, USA
Principal, Infrastructure Engineer (Linux/Windows)
  • BNY Mellon Corporation
  • Pittsburgh, PA, USA
Development Engineer (Java/Go/Spring)
  • BNY Mellon Corporation
  • Pittsburgh, PA, USA
Principal, Infrastructure Engineer
  • BNY Mellon Corporation
  • Pittsburgh, PA, USA
Sr. Prin, Full-Stack Developer
  • BNY Mellon Corporation
  • Pittsburgh, PA, USA
Senior Web Proxy Engineer (Sr. Specialist, Infrastructure Engineer)
  • BNY Mellon Corporation
  • Pittsburgh, PA, USA