Who we are looking for

We’re looking for a PKI Operations and Engineering leader at the Assistant Vice President level. This role owns the operational backbone of our certificate authority platforms, key management systems, and enterprise certificate lifecycle automation. The ideal candidate has hands-on experience running and scaling internal and external CAs, working with HSM-protected keys, and building automation that removes self-signed certificates and shortens rotation timelines without disrupting the business.

You’ll partner with security architects, infrastructure teams, and platform owners to strengthen our PKI footprint across data centers and cloud environments. This role needs someone who can translate technical requirements into clear standards, improve inventory coverage, and push execution across teams with confidence.

Why this role is important to us

PKI is a core security control in our environment. Certificates enable trusted authentication between users, workloads, and systems, and they’re central to protecting financial infrastructure, regulatory compliance, and Zero Trust initiatives. This team ensures our cryptographic identity layer is reliable, compliant, and automated at scale.

What you will be responsible for

Strategy, advisory, and standards

Shape and execute the enterprise PKI strategy with a strong operational lensDefine and document certificate and signing key standards for internal systems and cloud platformsSet requirements for certificate rotation, revocation, and incident response pathsEvaluate and onboard automation and discovery tools that expand certificate inventory coverageInfluence and align engineering, platform, and security teams on practical PKI priorities

Operations and engineering execution

Run internal CA platforms and integrations with external CAsManage HSM-backed private keys and secure signing workflowsBuild and scale certificate automation for issuance, renewal, rotation, and revocationIntegrate PKI into CI/CD pipelines, cloud workloads, and service identitiesPartner with infrastructure teams to remove self-signed certificates and reduce certificate sprawlDesign workflows for compromised, expired, or non-compliant certificatesTrack metrics for inventory completeness, revocation SLAs, rotation success, and automation coverageProduce executive-level updates that clearly show progress, risk, and operational health

What we value

These skills will help you succeed in this role

Experience running enterprise PKI platforms (internal + external CAs)Certificate lifecycle automation and inventory expansion at scaleCryptographic key management using HSMs and vault platformsWindows and Linux system administrationComfort operating in regulated financial environmentsClear communicator who can drive change across teamsSelf-starter who takes ownership of outcomes and improves what they touch

Education & Preferred Qualifications

Bachelor’s degree in a technical field or equivalent experience3–5 years working with certificate management, KMS, or CA platforms3–5 years administering Windows and Linux/Unix systemsExperience with:Internal and external CAsCertificate lifecycle automationHSM-backed key storage and signingSecrets or certificate discovery platformsIncident paths for compromised and expired certificatesPKI integrations in cloud and CI/CD pipelines

Additional requirements

Nice to have: IAM experience, MFA, privileged access controls, DR resiliency planningExperience working in large complex environments (financial services a plus)

Work Requirement

Quincy (MA) – John Adams Building40 hours – Standard Work ShiftHybrid- 4 days in office 1 day remote

Salary Range:

$90,000 - $157,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit https://hrportal.ehr.com/statestreet/Home.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers

Read our CEO Statement

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.