Cryptographic Systems Engineer (Post-Quantum) 

Job Title: Cryptographic Systems Engineer (Post-Quantum)
Office Location: 7303 Warden Ave. Markham, ON
Employment Type: Full‑time
Application Email: careers@superqubit.ai

SuperQubit is building a pioneering Post-Quantum Cryptography (PQC) bridge platform — a transparent local proxy that upgrades legacy application communications to NIST-approved quantum-resistant algorithms without requiring any modification to existing software.

As quantum threats accelerate, the vast majority of deployed legacy systems cannot be patched or rewritten to adopt PQC. We are solving that problem at the infrastructure layer.

This is a hands-on software engineering role at the intersection of post-quantum cryptography, systems programming, and operating-system internals — not a network administration position.

Role Overview

You will architect and implement the systems core of a TLS-intercepting PQC proxy: software that runs locally on a host, identifies outbound connections from legacy applications, determines whether the remote endpoint supports PQC, and transparently re-encrypts the communication using NIST-standardized post-quantum algorithms including ML-KEM and ML-DSA.

The work spans kernel-adjacent interfaces (eBPF / netfilter on Linux, WFP on Windows, NetworkExtension on macOS), TLS internals, and cryptographic engineering. You will work directly alongside our in-house PQC cryptography lead to integrate a Python/liboqs-based cryptographic engine into a high-performance Rust systems layer.

The platform is designed from the ground up for crypto agility and hybrid classical/PQC operation, in alignment with NIST and IETF transition guidelines.

Key Responsibilities

• Design and implement a local TLS-terminating proxy in Rust that transparently intercepts outbound application traffic and re-encrypts it using post-quantum cryptographic algorithms.
• Build a process attribution module that maps active network connections to the originating application, enabling per-application PQC policy enforcement at the OS level.
• Implement PQC capability detection — negotiating with remote endpoints to determine whether they support post-quantum, classical, or hybrid handshakes, and routing traffic accordingly.
• Develop and maintain a clean integration bridge between the Rust systems layer and the Python/liboqs cryptographic engine, using FFI, PyO3, or subprocess IPC patterns.
• Implement a lightweight relay server that terminates the PQC-upgraded tunnel on the network edge, completing the end-to-end encrypted bridge.
• Design a policy and configuration layer that governs which application traffic receives PQC treatment, passthrough, or hybrid handling.
• Architect the codebase for crypto agility — ensuring algorithm modules are abstracted, versioned, and replaceable as NIST standards evolve.
• Manage local PKI and certificate lifecycle: programmatic CA generation, certificate issuance, and OS trust-store integration required for transparent TLS interception.
• Conduct security-focused code review with particular attention to key material handling, memory hygiene, and safe failure modes.
• Maintain thorough documentation, version control discipline, and reproducible build practices throughout the MVP and beyond.

Minimum Requirements

• Bachelor’s degree or higher in Computer Science, Software Engineering, Electrical Engineering, or a related field, with demonstrated focus on systems programming, cryptography, or low-level security software.
• Proven hands-on experience building cryptographic or low-level network security software — TLS proxies, traffic inspection engines, VPN clients, encryption gateways, or equivalent.
• Strong systems programming skills in Rust (strongly preferred) or C/C++, with experience in async I/O and high-throughput network programming.
• Deep working knowledge of TLS 1.2 and TLS 1.3 internals — handshake mechanics, certificate chain validation, cipher suite negotiation, and SNI handling.
• Working knowledge of modern cryptography fundamentals — symmetric and asymmetric primitives, key exchange, authenticated encryption, and an understanding of where post-quantum algorithms fit into the existing landscape.
• Experience with OS-level traffic redirection and process-to-connection attribution on at least one platform — iptables / nftables / tproxy / eBPF on Linux, or Windows Filtering Platform (WFP).
• Experience writing Python interoperability layers — FFI bindings, PyO3, ctypes, or subprocess-based integration with Python components.
• Understanding of X.509 PKI, local CA operation, and programmatic certificate generation.
• Must reside in the Greater Toronto Area.

Preferred Qualifications

• Direct experience with liboqs, OQS-OpenSSL, AWS-LC, or Cloudflare CIRCL PQC libraries.
• Familiarity with NIST PQC standards (FIPS 203 / 204 / 205) and IETF hybrid key exchange drafts.
• Experience with eBPF or netfilter kernel hooks for low-level traffic capture and process attribution on Linux.
• Relay or edge server development experience in Go or Rust for the server-side tunnel component.
• Familiarity with PKCS#11, TPM, or OS keystore APIs (Windows CNG, macOS Keychain) for secure key material storage.
• Contributions to open-source security, networking, or cryptography projects.
• Comfort reading and implementing directly from IETF RFCs and NIST standard publications.

How to Apply

Send your resume, GitHub or relevant open-source contributions, and a short note on a systems or cryptography project you’re proud of to careers@superqubit.ai.

SuperQubit is committed to building secure, innovative technologies for the quantum era. We welcome applicants who are passionate about shaping the future of cybersecurity.