Director, Blockchain Crypto Engineering Architect

Fidelity Enterprise Cybersecurity is seeking a highly skilled Blockchain Crypto Security Architect, primarily responsible for the architecture design and solution of blockchain and cryptocurrency transaction signing and key management for Fidelity Digital Asset Services.

Key areas of accountability:

• Crypto key management security leadership, to include technology and process solutions, standards and implementation mentorship for multiple blockchains (eg Bitcoin, Ethereum) and multiple cryptocurrencies and tokens.
• Identifying risk and evaluating mitigating security controls for securing digital asset custody in online and offline storages.
• Design of an microservice transaction signing architecture for high availability and scalability and coordinated with Back End hardware security modules.
• Design and mentorship on secure key lifecycle management processes including formal key event and reliable key backup procedures.

The Expertise and Skills You Bring

• Education: BS or Master's in Computer Science, Computer Information Systems Engineering or Mathematics.
• Work Experience: minimum 7 years of validated technical lead/architectural skills and responsibilities.
• Have proven understanding and experience in Bitcoin and Ethereum blockchain and transaction protocols and cryptography foundations
• You have validated understanding of cryptography, key management, PKI, microservice architecture, common cybersecurity solutions in the area of data security, authentication and authorization, application security, code vulnerability detection and cloud security.
• Hands-on knowledge on RSETful API, Java, JCE, PKCS, HSM, oAuth, SpringBoot, Web Services, object modeling and design pattern.
• Expert knowledge of major BIPs and EIPs, eg. Bip32, HD wallets, multi-sig, SegWit, Taproot, Schnorr. Strong hands-on cryptography algorithms and their applications in blockchain and crypto key security such as Shamir Secret Share, ECDSA, RSA, AES.
• You should have industry awareness of cryptocurrency security standards and best practices and be able to conduct threat modeling on key management solutions and processes, to identify major threats and residual risks, recommend mitigation controls and internal policies meet all business, legal, and regulatory requirements.
• Strong hands-on experience in architecting and building critically important enterprise Web applications with high availability, reliability and scalability.
• Proven understanding on FIPS 140-2 hardware security module.
• Rapid prototyping and pickup on emerging technologies and new protocols in cryptocurrency and blockchain such as taproot, Proof-of-stake, threshold signature, multi-sig, HD wallet, multi-party-computation, zero knowledge proof etc.
• DevOps and cloud experience (AWS/Kubernetes/Containerization)
• Knowledge about Solidity and smart contract and code audit experience.

Deep architectural understanding of the following:

• Evaluate the current state of cryptocurrency key management capabilities for digital asset security and assist in maintaining a product roadmap for iterative improvements.
• Assist with analysis of current key management controls against internal policies, customer privacy requirements, as well as industry regulatory and compliance requirements.
• Connect with peers, managers and business leaders on digital asset and blockchain security current state, standards and goals/vision.
• Provide thought leadership and facilitate education of the blockchain and digital asset custody security product to include emerging threats and attack methods, emerging protection and monitoring technologies as well as emerging regulatory and compliance requirements.
• Assist Engineering to develop product roadmaps for digital asset security capabilities and associated controls.
• Identify and communicate any risks related to multiple-coin digital assets in Fidelity's cryptocurrency offering, whether on-premise, cloud-based, or at a 3rd party. Provide mentorship or edit the product's roadmap to ensure data confidentiality and integrity of each asset.
• Qualities:
• Skilled at taking sophisticated topics and making them simple.
• Transparent judgment and stands behind their decisions.
• Flexible and collaborative with peers
• Ability to communicate effectively with all levels of management, both verbally and in writing

The Team

The Enterprise Cybersecurity Architecture Team is responsible for the following:

• Security Architecture Vision/Innovation
• Security Architecture & Strategy Development
• Architecture Standardization & Evangelism