Role Profile

Quantum Cryptography / Security Specialist

A quantum cryptography specialist protects organisations against the day a cryptographically relevant quantum computer can break today's public-key encryption. In practice that means far more classical security work than quantum physics: auditing where cryptography is used, migrating systems to the post-quantum standards NIST finalised, building crypto-agility so algorithms can be swapped later, and in some settings deploying quantum key distribution. It is a high-stakes role most active in government, defence, and finance.

Est. base salary (US) $100k - $210k+
Focus PQC migration, QKD, security
Best for Security and crypto engineers

A typical day

The work is mostly engineering and risk management, not theory. A specialist might start by extending a cryptographic inventory, finding every place RSA or elliptic-curve keys are used across services, certificates, and embedded devices. Midday could be spent integrating a hybrid key exchange in a TLS stack with liboqs and benchmarking the performance and packet-size impact of larger PQC keys. Other days are spent writing migration roadmaps, briefing security leadership on the "harvest now, decrypt later" threat, or evaluating whether a high-assurance link justifies QKD hardware. Reading and tracking standards is a constant background task, since the PQC landscape is still settling.

Core responsibilities

  • Inventory where and how an organisation uses cryptography, including hidden dependencies in protocols and libraries.
  • Plan and execute migration to NIST post-quantum standards: ML-KEM (Kyber), ML-DSA (Dilithium), FN-DSA (Falcon), and SLH-DSA (SPHINCS+).
  • Integrate PQC primitives using libraries like liboqs and the Open Quantum Safe project, often in hybrid (classical + PQC) modes.
  • Design for crypto-agility so algorithms can be swapped as standards evolve, without re-architecting systems.
  • Assess and, where appropriate, deploy quantum key distribution (QKD) for high-assurance links.
  • Model the "harvest now, decrypt later" threat and prioritise data by how long it must stay confidential.
  • Review network security, TLS configurations, PKI, and key management for quantum readiness.
  • Communicate risk and roadmaps clearly to security leadership, auditors, and regulators.

Skills

Required

  • Classical cryptography (RSA, ECC, AES, hashing)
  • NIST PQC standards
  • Public-key infrastructure and TLS
  • Network and protocol security
  • C / Python for crypto libraries
  • Threat modelling and risk assessment
  • Crypto-agility design
  • Key management

Nice to have

  • liboqs / Open Quantum Safe
  • Lattice-based cryptography theory
  • QKD protocols (BB84, E91)
  • Security clearance (US roles)
  • FIPS and Common Criteria compliance
  • Hardware security modules (HSM)
  • Formal verification
  • Standards-body participation

Tools and standards

  • liboqs / Open Quantum Safe

    C library and integrations (OpenSSL, OpenSSH) providing PQC algorithms for real-world testing and deployment.

  • NIST PQC standards

    The FIPS 203/204/205 standards for ML-KEM, ML-DSA, and SLH-DSA that production migrations target.

    Learn more →

  • OpenSSL / BoringSSL

    TLS stacks where hybrid key exchange and PQC signatures are integrated and benchmarked.

  • QKD hardware

    Photonic key-distribution systems from vendors like Toshiba and ID Quantique for high-assurance links.

    Learn more →

  • PKI and HSMs

    Certificate authorities and hardware security modules that must be updated to handle larger PQC keys.

Salary by seniority

Approximate US base-salary ranges for 2026. Government and defence roles often add a clearance premium; fintech total compensation adds bonus and equity. Major metros add 20-40%.

LevelBase rangeWhat changes
Junior (0-3 yr) $100k - $130k Crypto inventory, library integration, standards reading, and migration support.
Mid (3-7 yr) $130k - $165k Owns PQC migration projects, protocol integration, and crypto-agility design.
Senior / Staff (7 yr+) $165k - $210k+ Sets cryptographic strategy, advises leadership, and leads government or fintech engagements.

See the full quantum computing salary guide for geographic breakdowns and the skills that command a premium, including active security clearance.

Demand and outlook

Demand is surging. NIST finalised its first post-quantum standards in 2024, and government mandates now push agencies and their suppliers toward migration on fixed timelines. Finance, telecom, and critical infrastructure are following, because data with a long confidentiality lifetime is already exposed to "harvest now, decrypt later" collection. Unlike most quantum roles, you do not need a physics PhD: experienced security engineers who learn PQC are highly employable, and an active US security clearance materially raises compensation in defence-adjacent work.

Who hires for this role

  • Government and defence agencies
  • National labs
  • Banks and fintech
  • Cloud providers (AWS, Microsoft, Google)
  • IBM
  • Telecom carriers
  • ID Quantique
  • Toshiba
  • Security consultancies
  • Critical infrastructure operators

Browse current openings on the quantum jobs board, and see how this role fits alongside others in the careers overview.

How to become a quantum cryptography specialist

The path builds on classical security and cryptography, then adds depth in the NIST PQC algorithms and migration practice. Our step-by-step roadmap covers the full sequence.

Read the full guide: How to become a quantum cryptography specialist →

Learn the foundations

Study the standards

Explore QKD