Skip to main content
Posted June 24, 2026
Fidelity Investments

Senior Systems Engineer (Cybersecurity)

Fidelity Investments
Westlake, Texas, USA Full Time

Job Description:

Note: Fidelity will not provide immigration sponsorship for this position

The Role

We are seeking a highly motivated cybersecurity engineer with a strong focus on key management, encryption technologies, and hardware-backed security solutions who can make an immediate impact. The ideal candidate is curious, ownership-driven, and thrives in a collaborative, knowledge-sharing environment.

The Digital Asset Security Operations team within Fidelity Enterprise Cybersecurity (ECS) is responsible for securing mission‑critical platforms that power cryptocurrency and blockchain services. This role sits at the intersection of modern cryptographic systems, cloud-native architecture, and secure infrastructure engineering, with deep exposure to encryption platforms, Hardware Security Modules (HSMs), and containerized workloads in AWS.

You will work closely with cybersecurity, risk, and development teams to design, implement, and operate secure key lifecycle management systems and encryption controls across on-premises infrastructure and distributed cloud-native environments.


The Expertise and Skills You Bring

  • Bachelor’s degree in Computer Science or a related technical discipline

  • 6+ years of experience in distributed systems engineering, security engineering, or platform operations

  • 2+ years of hands-on experience with:

    • Enterprise Key Management Systems (KMS)

    • Encryption technologies (data-at-rest, data-in-transit, and data-in-use)

    • Secure API design and cryptographic service integration

  • Experience with Hardware Security Modules (HSMs) for secure key generation, storage, and cryptographic operations (strongly preferred)

  • 1–2 years of experience working with cloud-native environments, including:

    • AWS (e.g., KMS, Nitro Enclaves, IAM, VPC security)

    • Kubernetes (EKS) and containerized workloads

  • Strong understanding of cryptographic principles including:

    • Symmetric/asymmetric encryption

    • Key exchange, signing, and PKI concepts

  • Experience securing and hardening Linux and Windows systems, with focus on encryption, identity, and access control

  • Practical experience with:

    • Containers & orchestration (Docker/Kubernetes)

    • CI/CD pipelines (GitHub, Jenkins, Artifactory)

    • Infrastructure as Code / automation scripting (Python, Bash, PowerShell, Ansible)

  • Familiarity with secrets management, certificate lifecycle management, and secure workload identity

  • Strong analytical and troubleshooting skills in complex distributed systems

  • Experience working in Agile environments within large enterprises

The Value You Deliver

  • Contribute to the design and operation of secure cryptographic infrastructure supporting Fidelity’s digital asset and blockchain platforms

  • Build, integrate, and maintain enterprise key management and encryption solutions, leveraging:

    • AWS-native services (KMS, IAM, Nitro-based isolation)

    • HSM-backed security controls

  • Support secure containerized applications running in Kubernetes by implementing:

    • Secrets management

    • Encryption enforcement

    • Workload identity and access control

  • Engineer and operate secure CI/CD pipelines to ensure trusted software delivery with integrated cryptographic controls

  • Perform security engineering and operational support across distributed cloud environments, including:

    • On call responsibilities

    • Incident, change, and release management

    • Monitoring, logging, and audit integration for cryptographic systems

  • Design and implement end-to-end encryption strategies:

    • Data protection across APIs, services, and storage layers

    • Secure communication channels within microservices architectures

  • Evaluate and prototype emerging technologies in:

    • Confidential computing (e.g., enclaves)

    • Advanced encryption and key protection mechanisms

  • Define and enforce security controls and policies across:

    • Systems, containers, and network layers

    • Authentication, authorization, and access governance

Fidelity’s Onsite Working Model
Fidelity is transitioning to a full-time onsite working model through a phased rollout across regions and roles. Currently, some roles and locations require 100% onsite presence, while others require less. Onsite expectations are likely to evolve as the rollout continues. This transition does not apply to fully remote roles.

Certifications:

Category:

Information Technology

Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Sign up for Job Alerts

By clicking Create Alert, you acknowledge that you have read and understand the Privacy Policy.