Apply on Employer Site

Exponent · 4 hours ago

Applied Cryptography & Cybersecurity Software Engineer – Post Quantum Focus (M.S. or Ph.D.)

Los Angeles, CA

Full-time

Onsite

Senior Level

$133K/yr - $145K/yr

5+ years exp

Exponent is a premium engineering and scientific consulting firm specializing in solving unique challenges across various industries. The Applied Cryptography & Cybersecurity Software Engineer will focus on cryptographic modernization and post-quantum transition efforts, designing secure systems and collaborating with multidisciplinary teams to ensure robust cybersecurity practices.

Consulting

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Designing and architecting secure software systems and services, with strong emphasis on cryptography, key management, and secure protocol design

Leading post‑quantum cryptography assessments and migration planning, including algorithm selection, hybrid approaches, and performance/latency tradeoff analysis

Evaluating, integrating, and hardening cryptographic libraries, modules, and products, including FIPS‑validated components where applicable

Developing and reviewing secure communication protocols, authentication schemes, and data‑at‑rest / data‑in‑transit protection mechanisms

Performing security architecture reviews for new and existing systems

Wearing multiple hats across data engineering and software teams to incorporate cryptographic controls and security best practices into data pipelines, APIs, and microservices

Supporting the development of policies, standards, and technical guidance related to cryptographic modernization (including PQC) and cybersecurity architecture

Translating complex cryptographic and cybersecurity concepts into clear requirements, design documents, and presentations for both technical and non‑technical stakeholders, including senior government clients

Ensuring security controls and cryptographic implementations align with federal and industry standards (e.g., NIST PQC, CNSS, DoD directives, FedRAMP) and client‑specific compliance requirements

Contributing to internal R&D and prototyping efforts in areas such as PQC benchmarking, secure enclaves, zero‑trust architectures, and secure DevSecOps pipelines

Qualification

Applied CryptographyCybersecurity ArchitectureSecure Software EngineeringPost-Quantum CryptographySoftware Engineering SkillsCryptographic ProtocolsCryptographic LibrariesCybersecurity ConceptsCommunication SkillsWriting SkillsTeam CollaborationIndependent WorkProject Management

Required

Ph.D. in Computer Science, Electrical/Computer Engineering, Applied Mathematics, or a related scientific/engineering field with a focus in cryptography, cybersecurity, or information security + OR M.S. plus 5+ years of post‑degree industry or government experience in applied cryptography, cybersecurity architecture, or secure software engineering

Deep expertise in modern cryptography, including: Public‑key and symmetric cryptography, key exchange, digital signatures, hashing, and MACs; Understanding of post‑quantum cryptography concepts and NIST PQC standards (e.g., Kyber, Dilithium, other lattice‑based or code‑based schemes); Familiarity with cryptographic protocols (e.g., TLS, IPsec, SSH) and their failure modes

Demonstrated experience designing and reviewing secure system and software architectures for mission‑critical or sensitive environments

Strong software engineering skills, including: Proficiency in at least one systems or backend language (e.g., Python, C/C++, Go, Rust, or Java); Experience building, testing, and maintaining production‑grade software using version control (Git or similar); Familiarity with secure coding practices, code review, and CI/CD or DevSecOps workflows

Experience integrating cryptography into real‑world systems, including: Using and evaluating cryptographic libraries (e.g., OpenSSL, BoringSSL, libsodium, Bouncy Castle, AWS KMS, Azure Key Vault, or equivalent); Implementing or integrating key management, HSMs, or hardware‑backed trust (e.g., TPM, secure enclaves)

Working knowledge of cybersecurity concepts and frameworks, such as: Zero‑trust architectures, identity and access management, network segmentation, logging and monitoring; NIST SP 800‑series guidance, DoD or IC security policies, or similar regulatory frameworks

Experience communicating complex technical material clearly and concisely to diverse audiences, including senior leadership and non‑technical stakeholders

Strong writing skills to enable generation of concise, clear, and accurate standards and guidance documentation

Ability to work independently and in multidisciplinary teams, managing priorities across concurrent projects

Proof of U.S. citizenship

The possession of, or ability to obtain, a U.S. DoD Security Clearance (Secret or higher)

Preferred

Hands‑on work in post‑quantum cryptography transition or evaluation (e.g., performance benchmarking, hybrid key exchange, impact analysis on existing protocols)

Experience with DoD, IC, or other U.S. Government clients, including familiarity with cryptography‑related policies and guidance

Experience architecting secure solutions on major cloud platforms (AWS, Azure, or GCP), including use of managed key management and cryptographic services

Background in secure networking, endpoint protection, or security operations as it relates to cryptographic controls

Experience with formal methods, protocol verification, or side‑channel and implementation‑level attack considerations

Relevant certifications (e.g., CISSP, GSEC, CSSLP, GIAC, or similar)