Jobs · Engineering · Missouri

Security Solutions Principal - Cryptography, Key Management & Post-Quantum Readiness

World Wide Technology · New Home, MO · 2 wk ago
Engineering$153k–$192k/yrFull-time

Position Overview

We are seeking a highly experienced Principal Consultant specializing in enterprise cryptography, key management, and post-quantum readiness to lead strategic client engagements focused on cryptographic risk, encryption modernization, key lifecycle management, and quantum-resilient architecture.

Key Responsibilities

  • Client Advisory & Strategy

  • Advises executives and security leaders on cryptographic risk, key management strategy, quantum readiness, and long-term encryption posture

  • Leads cryptographic maturity evaluations, PQC readiness assessments, and key management capability reviews

  • Develops enterprise cryptographic roadmaps aligned to business risk, data classification, and regulatory drivers

  • Presents findings and recommendations to senior leadership and boards

Key Management & HSM Operations

  • Designs and assesses enterprise key management programs covering the full lifecycle: generation, distribution, rotation, revocation, escrow, and destruction

  • Architects HSM strategies including capacity planning, clustering/HA models, and FIPS 140-2/140-3 validation requirements

  • Evaluates and recommends HSM platforms (Thales Luna, Entrust nShield, Utimaco) and cloud-native options (AWS CloudHSM, Azure Managed HSM, GCP Cloud HSM)

  • Defines governance over key custodianship, separation of duties, and key ceremony procedures

Cryptographic Discovery & Inventory

  • Leads enterprise-wide cryptographic asset discovery across algorithms, certificates, keys, protocols, and encryption dependencies

  • Identifies “harvest now, decrypt later” exposure and prioritizes remediation based on data sensitivity and shelf life

  • Affords third-party and supply chain cryptographic dependencies including SaaS providers, payment processors, certificate authorities, and embedded systems

  • Develops cryptographic inventories that serve as the foundation for migration planning and risk quantification

PKI Architecture & Lifecycle

  • Provides guidance on automated enrollment protocols (ACME, SCEP, EST), certificate transparency, and private vs. public trust models

  • Leads PKI modernization efforts including migration from legacy Microsoft ADCS environments

  • Advises on code signing key management, firmware signing, and software supply chain integrity

Cryptographic Architecture & Engineering

  • Designs crypto-agility architectures supporting algorithm transitions, including hybrid key exchange implementations (e.g., ML-KEM combined with classical ECDH)

  • Defines and assesses enterprise encryption standards: approved algorithm suites, minimum key lengths, deprecation policies, and exception processes

  • Provides guidance on: TLS/IPsec/VPN modernization strategies, data-at-rest, data-in-transit, and data-in-use encryption controls, tokenization, format-preserving encryption, and data masking techniques

  • Supports integration of NIST-selected PQC algorithms into enterprise environments

Program Leadership

  • Leads multi-phase cryptographic transformation programs across key management, PKI, encryption, and PQC migration

  • Develops governance models for cryptographic lifecycle management

  • Establishes policies, standards, and crypto baselines

  • Develops risk-based migration strategies and prioritization models that account for data longevity versus quantum timeline estimates

  • Collaborates cross-functionally across security, networking, application development, DevOps, and compliance teams

Risk, Compliance & Standards Alignment

  • Aligns programs to: NIST guidance (PQC, SP 800-57, SP 800-131A, etc.), ISO 27001/27002 cryptographic controls, and regulatory expectations (financial services, healthcare, government)

  • Translates cryptographic risk into business and regulatory impact

  • Affords cryptographic compliance posture across third-party and supply chain dependencies

Thought Leadership

  • Contributes to whitepapers, research, and industry presentations

  • Supports client workshops, tabletop exercises, and executive briefings

  • Mentors consultants and client teams

  • Participates in industry working groups, standards bodies, or vendor advisory councils

Required Qualifications

  • 10+ years in cybersecurity with deep focus on cryptography and encryption

  • Demonstrated expertise in: Enterprise key management lifecycle design and operations, HSM architecture, deployment, and FIPS validation requirements, PKI architecture, certificate lifecycle management, and trust models, Cryptographic protocols and algorithms (symmetric, asymmetric, hashing, digital signatures), Encryption architectures across data states (at-rest, in-transit, in-use) in cloud and hybrid environments

  • Strong understanding of Post-Quantum Cryptography concepts and enterprise migration challenges

  • Experience advising large enterprises and regulated industries

  • Exceptional communication and client-facing skills

Preferred Qualifications

  • Experience with PQC algorithm evaluation, testing, and hybrid cryptographic implementations

  • Familiarity with NIST PQC standardization outcomes and CNSA 2.0 migration timelines

  • Knowledge of crypto-agility frameworks

  • Experience with cloud KMS platforms (AWS KMS, Azure Key Vault, GCP Cloud KMS) and cloud HSM services

  • Hands-on experience with secrets management platforms (HashiCorp Vault, CyberArk Conjur, cloud-native secrets managers)

  • Experience with cloud KMS platforms (AWS, Azure, GCP)

  • Familiarity with HSM vendor platforms (Thales Luna, Entrust nShield, Utimaco) and their PQC firmware roadmaps

  • Relevant certifications (e.g., CISSP, CCSP, GSEC, or cryptography-focused credentials)

  • Master’s or PhD in cryptography, computer science, or related field

Similar jobs