PQC SME - Post-Quantum Cryptography

Job Summary:

We are seeking a highly experienced Post-Quantum Cryptography (PQC) SME for reviewing existing and new product architectures and recommending best practices to ensure long-term cryptographic resilience against quantum threats. The role involves evaluating cryptographic designs, guiding secure transition to PQC algorithms, and driving strategic adoption of NIST-recommended PQC standards.

Key Responsibilities:

• Review product architectures to identify classical cryptography usage and assess quantum resistance gaps.
• Recommend PQC transition strategies aligned with NIST post-quantum cryptography standards.
• Evaluate product cryptographic implementations and recommend replacements with PQC-safe algorithms (e.g., CRYSTALS-Kyber, Dilithium).
• Define best practices for PQC adoption across software, APIs, protocols, and key management systems.
• Collaborate with product engineering, architecture, and security teams to integrate PQC guidance.
• Conduct risk assessments and threat modeling related to quantum computing threats.
• Monitor industry and regulatory updates (e.g., NIST, ETSI) and translate them into actionable insights.
• Support cryptographic agility initiatives , enabling easy future upgrades of crypto algorithms.
• Provide training or awareness sessions to engineering teams on PQC and cryptographic transitions.

Must-Have Skills:

• Deep expertise in cryptography and cryptographic protocols , including TLS, IPsec, PKI, X.509, and secure key exchange.
• Practical knowledge of post-quantum cryptographic algorithms (NIST PQC finalists, hybrid modes, lattice-based cryptography).
• Experience with cryptographic review of application architectures (backend, APIs, cloud, mobile).
• Familiarity with cryptographic libraries and tools (OpenSSL, BouncyCastle, libsodium, PQClean, etc.).
• Strong understanding of key lifecycle management , secure storage, and hardware security modules (HSMs).
• Excellent communication skills for conveying complex cryptographic ideas to non-experts.

Good-to-Have Skills:

• Experience with quantum threat modeling and quantum-safe readiness assessments.
• Familiarity with cryptographic agility frameworks and planning roadmaps for cryptographic transitions.
• Experience working in regulated environments (e.g., financial services, healthcare, government).
• Contributions to cryptographic research, open source, or NIST PQC standardization .
• Understanding of secure software development lifecycle (SSDLC) and DevSecOps pipelines.