Crypto Key Management Security Engineer

Where good people build rewarding careers.

Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

Allstate Technology & Strategic Ventures (ATSV) team is embarking on a journey to move Application computing to leverage various Cloud provider services.

Within Allstate Information Security, Crypto Key Management Security Engineers are tasked to develop Key Management Governance standards, oversight authority for all key management activities, bears responsibility for maintaining security of keys at all points in their lifecycle. Educate & mentors Business/Technology teams around adoption/ best practices and ensure compliance with all responsibilities for cryptographic key management.

As a Crypto Key Management Security Engineer, this position will be part of an enterprise-wide Information Security Engineering team responsible for Key Management and Encryption operations. The selected candidate will be a part of a team responsible for planning, implementation and support of the Allstate Key Management System (KMS) Platform.

You will be designing and building KMS best practice that will balance the need for speed and flexibility of application cryptography requirements in Datacenter and IaaS/PaaS/SaaS applications. The role holder will play an active role in defining and implementing security controls for this critical service. They will constantly adapt these controls to take account for the changing threat landscape.

Key Responsibilities

  • Provide SME consultation regarding cryptographic solutions, services, products, projects, cryptographic compliance with association payment networks, PCI DSS, and industry best practices
  • Develop and document cryptographic policies, procedures, and guidelines. Work alongside senior engineers as interface to governance, compliance, and risk management teams to ensure the system consistently meets the requirements for certification and accreditation.
  • Provide SME consultation succinct and intelligible cryptographic reports, comments, and updates to Sr. management teams
  • Responsible for PoC, deploying, maintaining encryption and cryptographic key management solution platforms documentation (Configuration/ upgrades) and features for Enterprise use
  • Ensuring that the KMS central key repository adopts appropriate security controls for a service of this type.
  • Maintains Key Management Practice Statements/ Key Management Operational Procedures
  • Maintains accurate key inventory records, including metadata for all keys, for all environments
  • Ensure keys exist only at the minimum number of locations necessary for the functional operation of the organization including disaster recovery or redundant processing sites.
  • Authorizes and controls key lifecycle events (create/ rotate/ destroy) for keys in all environments, including
  • This role will collaborate with various teams such as engineering, networking, database administration
  • Understand system security vulnerabilities and associated threats, and assess the overall security risks to KMS and the supported systems. Systems monitoring/ troubleshooting, and overall efforts to minimize system downtime.
  • Gather complex cryptographic business requirements and convert to meaningful project tasks and solution documents.
  • Continuously consume new developments, changes, innovations, and threats across cryptography landscape (i.e. legislation, broken algorithms, compliance changes, etc.)
  • Aware of regulatory and contractual requirements and ensure compliance with those requirements.


Job Qualifications

  • Master's Degree in Computer Science/Engineering/ Maths/ Physics
  • 10 years of overall work experience in Cybersecurity, of which 3- 5 years of work experience supporting Key Management Services/ Infrastructure
  • Basic understanding of high-availability (HA) and failover implementations for network infrastructure and server systems
  • Continuous learner with interest/ability to upgrade skills in the field of Cryptography and mentoring junior employees
  • Demonstrate rigorous attention to detail in the communication (oral & written) of key lifecycle processes
  • Ability to work with minimal direction on a variety of, and sometimes ambiguous, requirement
  • Security certification (CISSP and or SANS)


The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary - but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click "here" for information regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please click "here" for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.


Back to top