Job Descriptions
Use this tool to access job descriptions for your next hire. Search by skills or job titles and download the job description to help you get started. Tip: You can use this tool to help ensure your own resume is up-to-date with the latest job requirements.
Cryptographer/Cryptanalyst
Skills
Job Description
Note: This role is most commonly found in large or medium-sized organizations.
Reporting relationship
To be completed by the user of this job description as appropriate
Job purpose / summary
Develops algorithms, ciphers, and security systems to encrypt information/Analyzes and decodes secret messages and coding systems.
Duties and responsibilities
- Collaborate with key stakeholders to establish an effective cybersecurity risk management program
- Ensure compliance with the changing laws and applicable regulations
- Develop systems for protection of important/sensitive information from interception, copying, modification and/or deletion
- Evaluate, analyze and target weaknesses and vulnerabilities in security systems and algorithms
- Develop statistical and mathematical models to analyze data and troubleshoot security problems
- Develop and test computational models for reliability and accuracy
- Identify, research and test new cryptology theories and applications
- Decode cryptic messages and coding systems for the organization
- Develop and update methods for efficient handling of cryptic processes
- Prepare technical reports that document security processes or vulnerabilities
- Provide guidance to management and personnel on cryptical or mathematical methods and applications
- Support countermeasures and risk mitigation strategies against potential exploitations of vulnerabilities related to cryptographic systems and, algorithms
- Provide insights and guidance related to quantum safety and quantum resistant strategies
- Support incident management and post-analysis in the event of a compromise to encryption/cryptographic processes or systems.
- Develop, deliver, and oversee related cybersecurity training material and educational efforts related to role
- Guide and support encryption specialists as required
Tools and Technology
- Threat and risk assessments
- Vulnerability management processes and vulnerability assessments
- Incident management processes and procedures (crypto/encryption related)
- Cybersecurity risk management processes & policies
- Privacy and security legislation
- Cryptographic algorithms, ciphers and systems
- Key management policies and plans
- Organizational security infrastructure and reporting systems
Competencies
Underpinning this occupation are those competencies demonstrated for an executive level which include those identified within the US NICE Cybersecurity Workforce Framework.
Basic application of the following KSAs:
- Integrated/organizational security concepts, principles and practice (software, system, data, physical and personnel)
- Preventative technical, operational and management controls available and organizational responsibilities for those controls
- Sector/context relevant threats, business needs and technical infrastructure
- Information and data requirements including sensitivity, integrity and life-cycle
- Applicable computer programming languages
- Cybersecurity program management, measures and monitoring
Advanced application of the following KSAs:
- Advanced threats and crypto breaking /decryption capabilities
- Applicable laws, legal codes, regulations, policies and ethics as they relate to cyber security; and
- Computer architecture, data structures, and algorithms
- Linear/matrix algebra and/or discrete mathematics
- Probability theory, information theory, complexity theory and number theory
- Cryptography and cryptographic key management concepts;
- Principles of symmetric cryptography (e.g., symmetric encryption, hash functions, message authentication codes, etc.)
- Principles of asymmetric cryptography (asymmetric encryption, key exchange, digital signatures, etc.)
- Incident response requirements for cryptographic compromise
- Technical report writing
Direct reports (if appropriate)
To be completed by the user of this job description as appropriate
Qualifications
Education. Post-secondary university degree in Computer Engineering, Computer Science, or Mathematics. A Master’s of Science or Doctorate is preferred.
As required to support organizational technical context (e.g. local tools, processes and procedures)
A highly specialized cybersecurity activity, this role is filled by experienced and educated professionals who are interested in this field. Opportunities exist for increased specialization and advanced research and studies in the field.
Certifications.
To be completed by the user of this job description as appropriate
Other relevant qualifications.
To be completed by the user of this job description as appropriate
Key Attributes.
To be completed by the user of this job description as appropriate
Experience. In addition to academic credentials, entry level roles normally requires 3-5 years’ experience in an IT/systems domain with familiarity of encryption and key management activities.
Working conditions (if required)
If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.
Physical requirements (if appropriate)
If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.