Job Information
HEALTHEQUITY, INC. Sr Cryptography and Data Protection Engineer in DRAPER, Utah
Sr Cryptography and Data Protection Engineer
Job Locations
US-Remote
Our Mission
Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.
Overview
How you can make a difference
At HealthEquity, our mission is to save and improve lives by empowering healthcare consumers. To do that well, we protect member and partner data with care, craft, and modern engineering. Join a small, senior team building a greenfield data protection program with full executive support. You will design and ship security controls that scale across petabyte-level data and dozens of platforms, all while partnering closely with developers, DBAs, and architects.
What you'll be doing
Cryptography Specialist: Deep hands-on experience with key management, HSMs, certificate lifecycle, and enterprise vaulting. Comfortable with products such as HashiCorp Vault or Thales, and with performance tradeoffs in real production systems.
Database and Product Security Engineer: Strong background in database development or administration and application development. Skilled at implementing encryption or tokenization end to end and coaching teams through integration and troubleshooting.
Design, build, and operate cryptographic services to protect data at rest and in use across databases, file shares, and applications
Implement encryption, tokenization, and secrets management patterns, integrating them into app and data pipelines with minimal friction
Guide engineering teams through connection string updates, certificate-based authentication, HSM-backed key operations, and column-level encryption
Establish reference implementations, SDKs, and runbooks that make secure-by-default the easiest path for product and data teams
Evaluate and integrate data discovery and classification tooling to find and reduce exposure of sensitive data across diverse environments
Lead security risk assessments for on-prem and cloud data services and translate findings into pragmatic, measurable engineering work
Instrument and publish program metrics and dashboards that show adoption, coverage, and control effectiveness for senior leadership
Present recommendations clearly to senior leaders and mentor engineers and DBAs on best practices
Contribute to security as a service, offering patterns, paved roads, and consultative guidance to partner teams
What you will need to be successful
Bachelor's degree in Computer Science, Information Systems, or a related technical field - or equivalent hands-on experience.
6+ years in security or platform engineering with proven success delivering data protection solutions at scale across both legacy and cloud environments.
Practical experience implementing encryption or tokenization for production applications and databases, including managing performance and latency trade-offs.
Hands-on with some of the following: HashiCorp Vault, Thales, HSMs, certificate-based authentication, mTLS, secrets management, FPE, and tokenization
Strong database expertise in SQL Server, MySQL, or Oracle
Expertise in at least one modern language (C# or Java)
Scripting with PowerShell or Python
Azure expertise, including secure use of cloud-native services and identity; familiarity with column-level encryption and key rotation.
Security framework knowledge (NIST CSF, ISO 27001, and CIS Controls), applied pragmatically to engineering decisions.
Excellent communication and influencing skills - able to partner effectively with DBAs, developers, architects, and senior leaders.
Certifications (CISSP, CISM, CCSP, or OSCP) are valued but not required. We prioritize hands-on impact over badges.
Nice to Haves
Experience building BI dashboards for program metrics (Power BI or Tableau)
Agile/Scrum experience