What are the responsibilities and job description for the Senior Product Security Engineer position at Encryption Consulting LLC?
About the job
Encryption Consulting’s products, services, and solutions form the foundation of secure enterprise IT environments, and the trust in those offerings is built on strong cryptography. As the cryptographic landscape faces its greatest shift in a generation—the transition to Post‑Quantum Cryptography (PQC)—Encryption Consulting is expanding its portfolio team to govern and shape the cryptographic future for our clients and platforms.
We are forming a Portfolio Crypto Team, a strategic partnership between Product Security and Platform Security functions. As a Senior Product Security Engineer, your mission is to own and execute key cryptographic modernization initiatives and act as the primary enabler for product and solution teams across Encryption Consulting’s portfolio. You will be the recognized go‑to expert for cryptographic implementation beyond core platforms, helping teams adopt new policies, integrate modern crypto libraries, and audit applications and solutions.
This role expects you to be an expert in, and owner of, cryptography, to build strong relationships across teams, and to enable others by scaling your expertise to drive portfolio‑wide adoption of modern and quantum‑resistant cryptography.
What You Will Do
Container Cryptography Audits & Strategy
- Act as the primary technical owner for auditing Go‑based cryptographic implementations within containerized platforms, Kubernetes environments, and container runtimes (e.g., CRI‑O, Podman, Docker). You will identify and resolve cryptographic gaps where containerized applications fail to correctly leverage host FIPS‑validated or PQC‑ready providers.
- Act as the primary technical owner responsible for continuing the implementation and integration of Encryption Consulting’s cryptographic inventory and discovery tools.
- Partner with Principal Security Architects to define and implement scanner policies for detecting cryptographic assets in CI/CD pipelines.
- Work directly with pipeline, DevOps, and data teams to integrate these tools and produce a sustainable Cryptographic Bill of Materials (CBOM) for clients and internal offerings.
Act as the Portfolio Crypto Enablement Partner
- Partner with product and solution teams to integrate Merkle Tree–based certificate and integrity mechanisms within Encryption Consulting’s unified security architecture.
- Serve as the primary go‑to technical consultant for teams supporting enterprise solutions (PKI, CLM, HSM, Zero Trust, Cloud Security) navigating cryptographic migrations such as PQC readiness, FIPS compliance, and crypto‑agility.
- Consult directly with engineers to audit codebases, analyze dependencies (e.g., python‑cryptography, Go crypto libraries), and build migration plans aligned with portfolio‑wide cryptographic policy.
- Enable other teams by creating documentation, reference architectures, best‑practice guides, and office hours to scale cryptographic expertise across the organization.
Drive Foundational Crypto Integration and Dependency Management
- Define functional requirements and partner on the integration of new cryptographic tools, including runtime instrumentation and visibility for core crypto libraries.
- Track and manage critical cryptographic dependencies across the portfolio, working with platform, PKI, HSM, and cloud security teams to remove blockers and ensure successful delivery of modern cryptographic capabilities.
What You Will Bring
Multi‑Language Technical Expertise
- Deep, hands‑on experience in Go and Python is required.
- Ability to audit cryptographic implementations in these languages and understand interactions with core C‑based libraries (OpenSSL, NSS, libcrypto).
Applied Cryptography & PKI
- Broad expertise in applied cryptography, including PKI, TLS, digital signatures, key management, and certificate lifecycle management.
- Strong understanding of modern cryptographic challenges, including Post‑Quantum Cryptography (PQC) and crypto‑agility.
Container & Cloud‑Native Security
- Strong understanding of OCI specifications, Kubernetes, and how container runtimes interact with cryptographic hardware such as HSMs or kernel‑level crypto providers.
Project Ownership
- Proven ability to own and deliver complex, cross‑team technical initiatives from design through execution.
- Comfortable moving between deep technical discussions with engineers and strategic roadmap conversations with security and product leadership.
Collaborative Leadership
- A track record of building trust across teams and acting as a recognized cryptographic authority.
- Demonstrated ability to enable and unblock others.
Problem Solving
- Strong analytical skills to diagnose complex cryptographic dependencies and systemic blockers across a large technology portfolio.
Bonus Skills
- Experience contributing to or maintaining core cryptographic libraries or security‑focused Go projects.
- Familiarity with SPIFFE/SPIRE, Sigstore/Cosign, or software supply‑chain security.
- Experience with Merkle Tree implementations, binary‑level runtime analysis, or cryptographic scanning.
- Familiarity with FIPS validation processes in virtualized or containerized environments.