Lead Security Engineer – Data Encryption & Key Management

Who We AreJoin a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for ten consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We DoWe are seeking a highly skilled and motivated Security Engineer to join our Information Security organization. In this role, you will be a key subject matter expert (SME) responsible for the design, implementation, and operational excellence of our enterprise encryption and key management services, with a strong focus on Fortanix Data Security Manager (DSM).
You will serve as a trusted consultant to application development teams and other internal stakeholders, guiding them through secure onboarding and integration with our centralized encryption and key management platform. This is a high-impact role that requires deep expertise in encryption and key management systems (KMS) and secure application enablement.

What You'll Do

• Operate, maintain, and enhance the Fortanix DSM platform to support enterprise-wide encryption and key management use cases.
• Act as an encryption and key management SME, providing technical leadership and consulting to application teams integrating with Fortanix DSM.
• Define and enforce key lifecycle management policies, including key generation, rotation, archival, and destruction.
• Collaborate with security architects, DevOps, and engineering teams to design secure, scalable, and compliant encryption solutions.
• Develop onboarding frameworks, documentation, and training materials to streamline adoption of Fortanix DSM across the organization.
• Monitor and optimize the performance, availability, and security posture of the encryption and key management infrastructure.
• Stay current with industry trends, emerging threats, and best practices in encryption and data protection.

What You'll Bring:

Knowledge and Skills/Technology Used

• 5+ years of experience in information security, with a focus on encryption and key management.
• Hands-on experience operating and integrating with enterprise encryption and key management platforms (e.g., Fortanix DSM, AWS KMS, HashiCorp Vault, Thales, etc.).
• Deep understanding of encryption principles, algorithms (AES, RSA, ECC, etc.), and protocols (TLS, PKI, etc.).
• Proven ability to consult with engineering and product teams on secure design and implementation.
• Strong scripting or automation skills (Python, Bash, etc.) for operational efficiency.
• Familiarity with compliance frameworks (e.g., PCI-DSS, HIPAA, NIST 800-57/800-53, GDPR).
• Excellent communication and documentation skills.
• Experience with Fortanix DSM in a production environment.
• Certifications such as CISSP, CCSP, or GIAC in encryption or cloud security.
• Experience with cloud-native environments (AWS, Azure, GCP) and containerized workloads (Kubernetes, Docker).
• Leadership experience or mentoring in a technical security role (for Lead-level candidates).
• Experience implementing and supporting storage-level encryption solutions across on-prem and cloud environments.
• Experience with file-level encryption technologies, including Transparent Data Encryption (TDE) for databases such as SQL Server, Oracle, or PostgreSQL.
• Experience designing and implementing field-level encryption strategies for structured data in applications and databases.
• Ability to evaluate and recommend encryption approaches based on data sensitivity, performance, and compliance requirements.

Why Join Us?

• Be part of a forward-thinking InfoSec team driving enterprise-wide data protection.
• Work with cutting-edge technologies in encryption and key management.
• Influence the security posture of critical applications and services.
• Competitive compensation, benefits, and career growth opportunities.

Salary Range: $126,100.00 - $168,100.00

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

What We OfferBy choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

** Note that the following statements only apply to candidates who will be working from an unincorporated area within Los Angeles County. **

First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act).

First American intends to conduct a review of an applicant’s criminal history in connection with a conditional offer. First American reasonably believes that a criminal history may have a direct, adverse and negative relationship with the following material job duties for this position potentially resulting in the withdrawal of the conditional offer of employment: handling of confidential, proprietary or trade secret information belonging to First American or its customers, administrating or facilitating financial transactions, and the ability to meet customer-imposed criminal history requirements.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.