← All rolesEngineering
Founding Cryptography Engineer
Remote (US / EU time zones)Full-timeSenior / Staff
Own the cryptographic core: hybrid ML-DSA + Ed25519 signing, ML-KEM transport, and the transparency log.
Cryptography is the product. You'll own the algorithms behind PostQ's hybrid signing, the post-quantum-signed transparency log, and the attested-signing enclave — the parts of the platform a security team actually audits.
This is a deep, high-trust role. Your work is the thing customers verify line-by-line, so correctness and clarity matter more than shipping speed.
What you'll do
- Design and implement hybrid signature schemes (ML-DSA + Ed25519/ECDSA) and ML-KEM key exchange
- Own the RFC 6962 Merkle transparency log, consistency proofs, and witness cosigning
- Harden the signing path: KEK/DEK envelope encryption, enclave attestation (AWS Nitro), TPM-backed keys
- Write reference verifiers and keep the CLI, SDKs, and API byte-for-byte consistent
- Engage with NIST PQC standards and translate them into shipped code
What we're looking for
- Strong Go (and ideally Rust) with a track record of security-sensitive systems work
- Hands-on with applied cryptography: signatures, KEMs, hashing, X.509, TLS
- Comfortable reading FIPS 203/204/205 and RFCs and implementing to spec
- A bias for testable, auditable, well-documented code
Nice to have
- Experience with confidential computing (Nitro Enclaves, SGX) or TPM 2.0
- Contributions to open-source crypto libraries (CIRCL, liboqs, BoringSSL, etc.)
PostQ is remote-first. We evaluate candidates on demonstrated ability, not credentials — if you can do the work, we want to hear from you, regardless of background. We do not collect more than the application below needs, and resumes are stored privately.
Apply
Apply for Founding Cryptography Engineer
Attach your resume and tell us why this role. We read every application.