Applied Cryptography & Cybersecurity Software Engineer – Post Quantum Focus (M.S. or Ph.D.)

Exponentis the only premium engineering and scientific consulting firm with the depth and breadth of expertise to solve our clients most profoundly unique unprecedented and urgent challenges.

Our vision is to engage multidisciplinary teams of science engineering and regulatory experts to empower clients with solutions that create a safer healthier more sustainable world. For over five decades weve connected the lessons of past failures with tomorrows solutions to advise clients as they innovate technologically complex products and processes ensure the safety and health of their users and address the challenges of sustainability.

Join our team of experts with degrees from top programs at over 500 universities and extensive experience spanning a variety of industries. At Exponent youll contribute to the diverse pool of ideas talents backgrounds and experiences that drives our collaborative teamwork and breakthrough insights. Plus we help you grow your career through mentoring sponsorship and a culture of learning. Thanks for your interest in joining our team!

Key statistics:

• 950 Consultants
• 640 Ph.D.s
• 90 Disciplines
• 30 Offices globally

We are seeking anApplied Cryptography & Cybersecurity Software Engineer PostQuantum Focus to join ourData SciencesPractice inIrvine CA Los Angeles CA or Menlo Park CA.

This role is ideal for someone who thrives at the intersection of cryptography research cybersecurity architecture and handson software engineering and who is passionate about securing realworld missioncritical systems. You will contribute to impactful projects across sectors including defense utilities and other critical infrastructure domains helping to design and implement secure resilient systems that can withstand todays and tomorrows adversaries.

You will work on cryptographic modernization and postquantum transition efforts architect secure systems and protocols and help build robust software and data infrastructure that bakes in security from the ground up. Youll collaborate with multidisciplinary teams of engineers data scientists and domain experts to solve complex applied security problems in production environments.

• Designing and architecting secure software systems and services with strong emphasis on cryptography key management and secure protocol design
• Leading postquantum cryptography assessments and migration planning including algorithm selection hybrid approaches and performance/latency tradeoff analysis
• Evaluating integrating and hardening cryptographic libraries modules and products including FIPSvalidated components where applicable
• Developing and reviewing secure communication protocols authentication schemes and dataatrest / dataintransit protection mechanisms
• Performing security architecture reviews for new and existing systems
• Wearing multiple hats across data engineering and software teams to incorporate cryptographic controls and security best practices into data pipelines APIs and microservices
• Supporting the development of policies standards and technical guidance related to cryptographic modernization (including PQC) and cybersecurity architecture
• Translating complex cryptographic and cybersecurity concepts into clear requirements design documents and presentations for both technical and nontechnical stakeholders including senior government clients
• Ensuring security controls and cryptographic implementations align with federal and industry standards (e.g. NIST PQC CNSS DoD directives FedRAMP) and clientspecific compliance requirements
• Contributing to internal R&D and prototyping efforts in areas such as PQC benchmarking secure enclaves zerotrust architectures and secure DevSecOps pipelines

• Ph.D. in Computer Science Electrical/Computer Engineering Applied Mathematics or a related scientific/engineering field with a focus in cryptography cybersecurity or information security
• OR M.S. plus 5 years of postdegree industry or government experience in applied cryptography cybersecurity architecture or secure software engineering
• Deep expertise in modern cryptography including:
• Publickey and symmetric cryptography key exchange digital signatures hashing and MACs
• Understanding of postquantum cryptography concepts and NIST PQC standards (e.g. Kyber Dilithium other latticebased or codebased schemes)
• Familiarity with cryptographic protocols (e.g. TLS IPsec SSH) and their failure modes
• Demonstrated experience designing and reviewing secure system and software architectures for missioncritical or sensitive environments
• Strong software engineering skills including:
• Proficiency in at least one systems or backend language (e.g. Python C/C Go Rust or Java)
• Experience building testing and maintaining productiongrade software using version control (Git or similar)
• Familiarity with secure coding practices code review and CI/CD or DevSecOps workflows
• Experience integrating cryptography into realworld systems including:
• Using and evaluating cryptographic libraries (e.g. OpenSSL BoringSSL libsodium Bouncy Castle AWS KMS Azure Key Vault or equivalent)
• Implementing or integrating key management HSMs or hardwarebacked trust (e.g. TPM secure enclaves)
• Working knowledge of cybersecurity concepts and frameworks such as:
• Zerotrust architectures identity and access management network segmentation logging and monitoring
• NIST SP 800series guidance DoD or IC security policies or similar regulatory frameworks
• Experience communicating complex technical material clearly and concisely to diverse audiences including senior leadership and nontechnical stakeholders
• Strong writing skills to enable generation of concise clear and accurate standards and guidance documentation
• Ability to work independently and in multidisciplinary teams managing priorities across concurrent projects

Highly desirable experience

• Handson work in postquantum cryptography transition or evaluation (e.g. performance benchmarking hybrid key exchange impact analysis on existing protocols)
• Experience with DoD IC or other U.S. Government clients including familiarity with cryptographyrelated policies and guidance
• Experience architecting secure solutions on major cloud platforms (AWS Azure or GCP) including use of managed key management and cryptographic services
• Background in secure networking endpoint protection or security operations as it relates to cryptographic controls
• Experience with formal methods protocol verification or sidechannel and implementationlevel attack considerations
• Relevant certifications (e.g. CISSP GSEC CSSLP GIAC or similar)

Security requirements

Our contracts with the United States Government for this position require:

• Proof of U.S. citizenship
• The possession of or ability to obtain a U.S. DoD Security Clearance (Secret or higher)

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

Applicants are encouraged to submit a CV (Curriculum Vitae) with publications (feel free to include publications that are in review or pending) not restricted to 1 page.

To learn more about life at Exponent and our impact please visit the following links:

inspiring developing and rewarding exceptional people with diverse backgrounds and expertise are central to our corporate culture. Our diverse team allows us to provide better value to our clients and enjoy an enriched work environment.

Our firm is committed to offering a variety of programs and resources to support health and well-being. We believe that providing competitive benefits as well as compensation and recognition programs empowers our staff to do work that makes a difference.

At Exponent we have found that in-person interactions deepen employee engagement and are crucial for development for realizing the full potential of our talented and diverse teams and for building a more inclusive workplace where all have a sense of our offices you can expect a supportive culture and a collaborative dynamic multi-disciplinary work environment. Our consultants engage in-person in the office unless they are traveling for client work or other business activities.

We value the rich lives our colleagues enjoy outside of work and understand that work/life balance is critical to our employees and their well-being. Consultants have the autonomy to balance their work and personal schedules so you can meet with clients visit inspection sites attend conferences and make time for priorities outside of work too. It is this flexible agile work style and working hours that allow our teams to drive innovation and results in their own ways while meeting the needs of clients. #LI-Onsite

Our consultants are rewarded for their technical and business contributions and have an opportunity to plan for future success and career growth. Exponents total compensation plan is consistent with its expectations of the quality and quantity of work performed and with the professional standards set by Exponent. At the Associate and Senior Associate level total compensation includes base salary bi-weekly bonuses for high-intensity efforts annual bonus and 401(k) employer contribution of 7% of base salary.

The base salary range for this position is dependent on experience and capabilities which will be assessed during the interview process.