Senior Protegrity Platform Engineer

Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We’re here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.

We are seeking a Protegrity Engineer with strong (7+ years)hands-on experience implementing data protection solutions using Protegrity for tokenization and detokenization of sensitive data (PII/PCI). This role will focus on designing and integrating tokenization services into enterprise applications and data flows, configuring Protegrity components and policies, and ensuring secure, compliant handling of protected data across systems

• Design and implement Protegrity-based tokenization/detokenization solutions for protecting sensitive data (PII, PCI, PHI as applicable). 
• Integrate Protegrity tokenization services with applications, APIs, microservices, and batch processes across multiple environments (dev/test/prod). 
• Configure and manage Protegrity components (policy/configuration, token vaults as applicable, key management integrations, service endpoints). 
• Define and maintain tokenization policies, formats, and rules aligned with business requirements and compliance standards. 
• Work with security, architecture, and application teams to implement data protection-by-design, including least privilege and separation of duties. 
• Support key management, certificate management, and secure secrets handling (KMS/HSM integrations where applicable). 
• Perform troubleshooting for tokenization flows: authentication/authorization issues, latency, service connectivity, configuration errors, and data mapping issues. 
• Implement monitoring and operational support for Protegrity services, including logs, metrics, alerting, and runbooks. 
• Ensure secure handling of de-tokenization access paths and enforce strong controls for who/what can de-tokenize and under which conditions. 
• Support audits and compliance evidence collection (PCI DSS, GDPR, SOX, internal security controls), including documentation and operational procedures. 

What We’re Looking For 

• 7+ years of strong hands-on experience with Protegrity implementation for tokenization and detokenization in enterprise environments. 
• Solid understanding of data security principles: encryption vs tokenization, data classification, secure key management, and access controls. 
• 6+ years of experience integrating tokenization into applications/services using APIs/SDKs and handling common data patterns (JSON payloads, database fields, files). 
• Understanding authentication and authorization patterns for sensitive services (mTLS, OAuth2/OIDC/JWT concepts or enterprise IAM equivalents). 
• 7+ years of experience working with Linux/Unix environments, scripting, and operational troubleshooting. 
• Ability to write and maintain technical documentation, runbooks, and integration guides. 
• Strong debugging and problem-solving skills, especially in distributed systems and multi-environment deployments. 

Preferred Qualifications 

• Experience exposing/consuming tokenization services through API Gateways such as AWS API Gateway or Apigee (routing, security, throttling, logging). 
• Experience with cloud services and security tooling (AWS IAM, KMS, Secrets Manager, CloudWatch). 
• Experience with CI/CD and automation (GitHub Actions/Jenkins) and IaC (Terraform/CloudFormation). 
• Familiarity with compliance standards and audit practices (PCI DSS, GDPR, SOX) and producing evidence of artifacts. 
• Experience with microservices, container platforms (Docker/Kubernetes), and service-to-service security. 
• Knowledge of data masking, privacy engineering, and data governance processes. 

Location

Bangalore, India

The #TeamGBT Experience

Work and life: Find your happy medium at Amex GBT.

• Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and wellbeing resources to support you and your immediate family.

• Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.

• Develop the skills you want when the time is right for you, with access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.

• We strive to champion Inclusion in every aspect of our business at Amex GBT. You can connect with colleagues through our global INclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.

• And much more!

All applicants will receive equal consideration for employment without regard to age, sex, gender (and characteristics related to sex and gender), pregnancy (and related medical conditions), race, color, citizenship, religion, disability, or any other class or characteristic protected by law.

Click Here for Additional Disclosures in Accordance with the LA County Fair Chance Ordinance.

Furthermore, we are committed to providing reasonable accommodation to qualified individuals with disabilities. Please let your recruiter know if you need an accommodation at any point during the hiring process. For details regarding how we protect your data, please consult the Amex GBT Recruitment Privacy Statement.

What if I don’t meet every requirement? If you’re passionate about our mission and believe you’d be a phenomenal addition to our team, don’t worry about “checking every box;" please apply anyway. You may be exactly the person we’re looking for!