Role Profile
Quantum Cryptography / Security Specialist
A quantum cryptography specialist protects organisations against the day a cryptographically relevant quantum computer can break today's public-key encryption. In practice that means far more classical security work than quantum physics: auditing where cryptography is used, migrating systems to the post-quantum standards NIST finalised, building crypto-agility so algorithms can be swapped later, and in some settings deploying quantum key distribution. It is a high-stakes role most active in government, defence, and finance.
A typical day
The work is mostly engineering and risk management, not theory. A specialist might start by extending a cryptographic inventory, finding every place RSA or elliptic-curve keys are used across services, certificates, and embedded devices. Midday could be spent integrating a hybrid key exchange in a TLS stack with liboqs and benchmarking the performance and packet-size impact of larger PQC keys. Other days are spent writing migration roadmaps, briefing security leadership on the "harvest now, decrypt later" threat, or evaluating whether a high-assurance link justifies QKD hardware. Reading and tracking standards is a constant background task, since the PQC landscape is still settling.
Core responsibilities
- Inventory where and how an organisation uses cryptography, including hidden dependencies in protocols and libraries.
- Plan and execute migration to the finalised NIST post-quantum standards, ML-KEM (Kyber), ML-DSA (Dilithium), and SLH-DSA (SPHINCS+), while tracking the draft FN-DSA (Falcon) standard still under review.
- Integrate PQC primitives using libraries like liboqs and the Open Quantum Safe project, often in hybrid (classical + PQC) modes.
- Design for crypto-agility so algorithms can be swapped as standards evolve, without re-architecting systems.
- Assess and, where appropriate, deploy quantum key distribution (QKD) for high-assurance links.
- Model the "harvest now, decrypt later" threat and prioritise data by how long it must stay confidential.
- Review network security, TLS configurations, PKI, and key management for quantum readiness.
- Communicate risk and roadmaps clearly to security leadership, auditors, and regulators.
Skills
Required
- Classical cryptography (RSA, ECC, AES, hashing)
- NIST PQC standards
- Public-key infrastructure and TLS
- Network and protocol security
- C / Python for crypto libraries
- Threat modelling and risk assessment
- Crypto-agility design
- Key management
Nice to have
Tools and standards
-
liboqs / Open Quantum Safe
C library and integrations (OpenSSL, OpenSSH) providing PQC algorithms for real-world testing and deployment.
-
NIST PQC standards
The FIPS 203/204/205 standards for ML-KEM, ML-DSA, and SLH-DSA that production migrations target.
Learn more → -
OpenSSL / BoringSSL
TLS stacks where hybrid key exchange and PQC signatures are integrated and benchmarked.
-
QKD hardware
Photonic key-distribution systems from vendors like Toshiba and ID Quantique for high-assurance links.
Learn more → -
PKI and HSMs
Certificate authorities and hardware security modules that must be updated to handle larger PQC keys.
Salary by seniority
Rough estimates of US base-salary ranges for 2026; treat these as ballpark figures rather than survey data. Government and defence roles often add a clearance premium; fintech total compensation adds bonus and equity. Major metros typically pay 20-40% more.
| Level | Base range | What changes |
|---|---|---|
| Junior (0-3 yr) | $100k - $130k | Crypto inventory, library integration, standards reading, and migration support. |
| Mid (3-7 yr) | $130k - $165k | Owns PQC migration projects, protocol integration, and crypto-agility design. |
| Senior / Staff (7 yr+) | $165k - $210k+ | Sets cryptographic strategy, advises leadership, and leads government or fintech engagements. |
See the full quantum computing salary guide for geographic breakdowns and the skills that command a premium, including active security clearance.
Demand and outlook
Demand is surging. NIST finalised its first post-quantum standards in 2024, and government mandates now push agencies and their suppliers toward migration on fixed timelines. Finance, telecom, and critical infrastructure are following, because data with a long confidentiality lifetime is already exposed to "harvest now, decrypt later" collection. Unlike most quantum roles, you do not need a physics PhD: experienced security engineers who learn PQC are highly employable, and an active US security clearance materially raises compensation in defence-adjacent work.
Who hires for this role
Browse current openings on the quantum jobs board, and see how this role fits alongside others in the careers overview.
Want to be in line for roles like this? Join the talent pool and we will email you when a matching listing is posted.
How to become a quantum cryptography specialist
The path builds on classical security and cryptography, then adds depth in the NIST PQC algorithms and migration practice. Our step-by-step roadmap covers the full sequence.
Read the full guide: How to become a quantum cryptography specialist →