Security Solutions Principal - Cryptography, Key Management & Post-Quantum Readiness

About The Position

Requirements

• 10+ years in cybersecurity with deep focus on cryptography and encryption
• Demonstrated expertise in: Enterprise key management lifecycle design and operations
• Demonstrated expertise in: HSM architecture, deployment, and FIPS validation requirements
• Demonstrated expertise in: PKI architecture, certificate lifecycle management, and trust models
• Demonstrated expertise in: Cryptographic protocols and algorithms (symmetric, asymmetric, hashing, digital signatures)
• Demonstrated expertise in: Encryption architectures across data states (at-rest, in-transit, in-use) in cloud and hybrid environments
• Strong understanding of Post-Quantum Cryptography concepts and enterprise migration challenges
• Experience advising large enterprises and regulated industries
• Exceptional communication and client-facing skills

Nice To Haves

• Experience with PQC algorithm evaluation, testing, and hybrid cryptographic implementations
• Familiarity with NIST PQC standardization outcomes and CNSA 2.0 migration timelines
• Knowledge of crypto-agility frameworks
• Experience with cloud KMS platforms (AWS KMS, Azure Key Vault, GCP Cloud KMS) and cloud HSM services
• Hands-on experience with secrets management platforms (HashiCorp Vault, CyberArk Conjur, cloud-native secrets managers)
• Experience with cloud KMS platforms (AWS, Azure, GCP)
• Familiarity with HSM vendor platforms (Thales Luna, Entrust nShield, Utimaco) and their PQC firmware roadmaps
• Relevant certifications (e.g., CISSP, CCSP, GSEC, or cryptography-focused credentials)
• Master’s or PhD in cryptography, computer science, or related field

Responsibilities

• Advise executives and security leaders on cryptographic risk, key management strategy, quantum readiness, and long-term encryption posture
• Lead cryptographic maturity evaluations, PQC readiness assessments, and key management capability reviews
• Develop enterprise cryptographic roadmaps aligned to business risk, data classification, and regulatory drivers
• Present findings and recommendations to senior leadership and boards
• Lead enterprise-wide cryptographic asset discovery across algorithms, certificates, keys, protocols, and encryption dependencies
• Identify “harvest now, decrypt later” exposure and prioritize remediation based on data sensitivity and shelf life
• Assess third-party and supply chain cryptographic dependencies including SaaS providers, payment processors, certificate authorities, and embedded systems
• Develop cryptographic inventories that serve as the foundation for migration planning and risk quantification
• Design and assess enterprise key management programs covering the full lifecycle: generation, distribution, rotation, revocation, escrow, and destruction
• Architect HSM strategies including capacity planning, clustering/HA models, and FIPS 140-2/140-3 validation requirements
• Evaluate and recommend HSM platforms (Thales Luna, Entrust nShield, Utimaco) and cloud-native options (AWS CloudHSM, Azure Managed HSM, GCP Cloud HSM)
• Define governance over key custodianship, separation of duties, and key ceremony procedures
• Design and assess PKI architectures including CA hierarchy, certificate lifecycle management, and trust models
• Provide guidance on automated enrollment protocols (ACME, SCEP, EST), certificate transparency, and private vs. public trust models
• Lead PKI modernization efforts including migration from legacy Microsoft ADCS environments
• Advise on code signing key management, firmware signing, and software supply chain integrity
• Design crypto-agility architectures supporting algorithm transitions, including hybrid key exchange implementations (e.g., ML-KEM combined with classical ECDH)
• Define and assess enterprise encryption standards: approved algorithm suites, minimum key lengths, deprecation policies, and exception processes
• Provide guidance on TLS/IPsec/VPN modernization strategies
• Provide guidance on Data-at-rest, data-in-transit, and data-in-use encryption controls
• Provide guidance on Tokenization, format-preserving encryption, and data masking techniques
• Support integration of NIST-selected PQC algorithms into enterprise environments
• Lead multi-phase cryptographic transformation programs across key management, PKI, encryption, and PQC migration
• Define governance models for cryptographic lifecycle management
• Develop policies, standards, and crypto baselines
• Establish risk-based migration strategies and prioritization models that account for data longevity versus quantum timeline estimates
• Coordinate cross-functional collaboration across networking, application development, DevOps, and compliance team
• Align programs to NIST guidance (PQC, SP 800-57, SP 800-131A, etc.)
• Align programs to ISO 27001/27002 cryptographic controls
• Align programs to Regulatory expectations (financial services, healthcare, government)
• Translate cryptographic risk into business and regulatory impact
• Assess cryptographic compliance posture across third-party and supply chain dependencies
• Contribute to whitepapers, research, and industry presentations
• Support client workshops, tabletop exercises and executive briefings
• Mentor consultants and client teams
• Participate in industry working groups, standards bodies, or vendor advisory councils

Benefits

• Health, Dental, and Vision Care
• Onsite Health Centers
• Employee Assistance Program
• Wellness program
• Competitive pay
• Profit Sharing
• 401k Plan with Company Matching
• Life and Disability Insurance
• Tuition Reimbursement
• PTO and Sick Leave (starting at 20 days per year)
• Holidays (10 per year)
• Parental Leave
• Military Leave
• Bereavement
• Nursing Mothers Benefits
• Voluntary Legal
• Pet Insurance
• Employee Discount Program