
Security Solutions Principal - Cryptography, Key Management & Post-Quantum Readi
World Wide Technology, New Home, MO, United States
Position Overview
We are seeking a highly experienced Principal Consultant specializing in enterprise cryptography, key management, and post-quantum readiness to lead strategic client engagements focused on cryptographic risk, encryption modernization, key lifecycle management, and quantum‑resilient architecture. This role serves as a senior advisor to CISOs, architecture leaders, and risk executives, helping organizations design and execute comprehensive cryptographic programs that address current operational and regulatory requirements while building resilience against emerging quantum threats. The ideal candidate blends deep cryptographic expertise across key management, PKI, encryption operations, and post‑quantum cryptography with consulting leadership and business acumen to translate complex cryptographic challenges into actionable, risk‑based strategies.
Key Responsibilities
Client Advisory & Strategy
Advise executives and security leaders on cryptographic risk, key management strategy, quantum readiness, and long‑term encryption posture.
Lead cryptographic maturity evaluations, PQC readiness assessments, and key management capability reviews.
Develop enterprise cryptographic roadmaps aligned to business risk, data classification, and regulatory drivers.
Present findings and recommendations to senior leadership and boards.
Cryptographic Discovery & Inventory
Lead enterprise‑wide cryptographic asset discovery across algorithms, certificates, keys, protocols, and encryption dependencies.
Identify “harvest now, decrypt later” exposure and prioritize remediation based on data sensitivity and shelf life.
Assess third‑party and supply‑chain cryptographic dependencies including SaaS providers, payment processors, certificate authorities, and embedded systems.
Develop cryptographic inventories that serve as the foundation for migration planning and risk quantification.
Key Management & HSM Operations
Design and assess enterprise key management programs covering the full lifecycle: generation, distribution, rotation, revocation, escrow, and destruction.
Architect HSM strategies including capacity planning, clustering/HA models, and FIPS 140‑2/140‑3 validation requirements.
Evaluate and recommend HSM platforms (Thales Luna, Entrust nShield, Utimaco) and cloud‑native options (AWS CloudHSM, Azure Managed HSM, GCP Cloud HSM).
Define governance over key custodianship, separation of duties, and key ceremony procedures.
PKI Architecture & Lifecycle
Design and assess PKI architectures including CA hierarchy, certificate lifecycle management, and trust models.
Provide guidance on automated enrollment protocols (ACME, SCEP, EST), certificate transparency, and private vs. public trust models.
Lead PKI modernization efforts including migration from legacy Microsoft ADCS environments.
Advise on code signing key management, firmware signing, and software supply‑chain integrity.
Cryptographic Architecture & Engineering
Design crypto‑agility architectures supporting algorithm transitions, including hybrid key exchange implementations (e.g., ML‑KEM combined with classical ECDH).
Define and assess enterprise encryption standards: approved algorithm suites, minimum key lengths, deprecation policies, and exception processes.
Provide guidance on TLS/IPsec/VPN modernization strategies; data‑at‑rest, data‑in‑transit, and data‑in‑use encryption controls; and tokenization, format‑preserving encryption, and data masking techniques.
Support integration of NIST‑selected PQC algorithms into enterprise environments.
Program Leadership
Lead multi‑phase cryptographic transformation programs across key management, PKI, encryption, and PQC migration.
Define governance models for cryptographic lifecycle management.
Develop policies, standards, and crypto baselines.
Establish risk‑based migration strategies and prioritization models that account for data longevity versus quantum timeline estimates.
Coordinate cross‑functional collaboration across networking, application development, DevOps, and compliance teams.
Risk, Compliance & Standards Alignment
Align programs to NIST guidance (PQC, SP 800‑57, SP 800‑131A, etc.), ISO 27001/27002 cryptographic controls, and regulatory expectations in financial services, healthcare, and government.
Translate cryptographic risk into business and regulatory impact.
Assess cryptographic compliance posture across third‑party and supply‑chain dependencies.
Thought Leadership
Contribute to whitepapers, research, and industry presentations.
Support client workshops, tabletop exercises, and executive briefings.
Mentor consultants and client teams.
Participate in industry working groups, standards bodies, or vendor advisory councils.
Required Qualifications
10+ years in cybersecurity with a deep focus on cryptography and encryption.
Demonstrated expertise in enterprise key management lifecycle design and operations; HSM architecture, deployment, and FIPS validation; and PKI architecture, certificate lifecycle management, and trust models.
Strong understanding of cryptographic protocols and algorithms (symmetric, asymmetric, hashing, digital signatures).
Experience with encryption architectures across data states (at‑rest, in‑transit, in‑use) in cloud and hybrid environments.
Proficient in post‑quantum cryptography concepts and enterprise migration challenges.
Experience advising large enterprises and regulated industries.
Exceptional communication and client‑facing skills.
Preferred Qualifications
Experience with PQC algorithm evaluation, testing, and hybrid cryptographic implementations.
Familiarity with NIST PQC standardization outcomes and CNSA 2.0 migration timelines.
Knowledge of crypto‑agility frameworks.
Experience with cloud KMS platforms (AWS KMS, Azure Key Vault, GCP Cloud KMS) and cloud HSM services.
Hands‑on experience with secrets management platforms (HashiCorp Vault, CyberArk Conjur, cloud‑native secrets managers).
Familiarity with HSM vendor platforms (Thales Luna, Entrust nShield, Utimaco) and their PQC firmware roadmaps.
Relevant certifications (e.g., CISSP, CCSP, GSEC, or cryptography‑focused credentials).
Master’s or PhD in cryptography, computer science, or a related field.
Key Competencies
Strategic thinking and executive presence.
Ability to simplify complex cryptographic concepts.
Strong consulting and stakeholder management skills.
Risk‑based decision framing.
Program and architecture leadership.
Cross‑functional collaboration across security, networking, application development, DevOps, and compliance teams.
Compensation & Benefits
Salary: $170,000 to $200,000 annually (base). Variable incentive compensation may be available.
Health and Wellbeing: Health, dental, and vision care, onsite health centers, employee assistance program, wellness program.
Financial Benefits: Competitive pay, profit sharing, 401k plan with company matching, life and disability insurance, tuition reimbursement.
Paid Time Off: PTO and sick leave (starting at 20 days per year), holidays (10 per year), parental leave, military leave, bereavement.
Additional Perks: Nursing mother benefits, voluntary legal assistance, pet insurance, employee discount program.