Post-Quantum Cryptography Jobs UK 2026: NCSC, Banks and the Migration Crunch

The Short Answer

Post-quantum cryptography (PQC) is the family of cryptographic algorithms designed to resist attack by future fault-tolerant quantum computers. In the UK, demand for PQC specialists has stepped up sharply since the NCSC published its three-phase migration roadmap in 2025, which sets 2028 (discovery and planning), 2031 (high-priority upgrades) and 2035 (full migration) as the headline dates for the national transition. The 2031 milestone in particular — sometimes shorthanded as the "2030 crunch" by industry — is what is driving most of the 2026 hiring.

The buyers are predictable: NCSC and GCHQ in Cheltenham, the UK's tier-1 banks (HSBC, Barclays, NatWest Group, Bank of England), defence primes such as BAE Systems Digital Intelligence, infrastructure providers like Cloudflare UK, and UK-based PQC specialists including Arqit Quantum, Post-Quantum Ltd and KETS Quantum Security. Standards work centres on the NIST PQC suite — ML-KEM (Kyber), ML-DSA (Dilithium) and SLH-DSA (SPHINCS+) — alongside NCSC implementation guidance.

Typical UK salary bands in mid-2026 look roughly like this: junior cryptography engineers £55,000–£75,000; mid-level PQC engineers £80,000–£110,000; senior PQC architects £120,000–£160,000; principal/staff cryptographers and cleared roles in defence £150,000–£200,000+. Contractor day rates for SC/DV-cleared PQC specialists commonly sit in the £900–£1,400 range, with some niche short-term gigs paying more.

What Is Post-Quantum Cryptography and Why the Urgency?

Most of the cryptography that protects today's internet — RSA, ECDSA, Diffie-Hellman — relies on mathematical problems (integer factorisation, discrete logarithms) that a sufficiently large quantum computer could solve using Shor's algorithm. A "cryptographically relevant" quantum computer almost certainly does not exist yet, and credible forecasts place it somewhere between the early 2030s and the 2040s. The problem is that the migration itself takes the better part of a decade, so the work has to start now.

Two things crystallised the UK picture in 2024–2025. First, NIST finalised the initial PQC standards: FIPS 203 (ML-KEM, derived from Kyber, for key encapsulation), FIPS 204 (ML-DSA, derived from Dilithium, for digital signatures) and FIPS 205 (SLH-DSA, derived from SPHINCS+, as a hash-based signature backstop). FIPS 206 (FN-DSA, derived from Falcon) followed shortly after. Second, the NCSC published its "Timelines for migration to post-quantum cryptography" guidance, setting out the now widely-cited three-phase plan:

• By 2028 — identify cryptographic services that need to be upgraded and build a migration plan.

• By 2031 — execute the earliest and highest-priority upgrades.

• By 2035 — complete migration to PQC across all systems, services and products.

The driving threat is "harvest now, decrypt later" (HNDL): an adversary captures encrypted traffic or stored ciphertext today and decrypts it once a quantum computer becomes available. Any data with a confidentiality lifetime stretching into the 2030s — patient records, intelligence material, long-lived intellectual property, financial customer data — is arguably already at risk, which is why regulated sectors are not waiting until 2034 to start.

It is worth being honest about the uncertainty. Standards may yet shift (the Bank of England and NCSC both stress cryptographic agility precisely because of this), and hardware acceleration for PQC operations is expected to mature meaningfully through 2026–2027. Hiring plans should account for that.

Which UK Roles Exist?

The PQC labour market in 2026 has settled into roughly five overlapping job families.

Cryptography Engineer (PQC focus) — implements PQC algorithms in production code, integrates them into TLS stacks, VPNs, HSMs and identity systems, and writes the test harnesses. Strong C/C++, Rust or Go, with hands-on OpenSSL/BoringSSL or liboqs experience.

PQC Migration Architect — owns the enterprise-wide cryptographic inventory, designs the hybrid (classical + PQC) transition, and sequences the rollout across business units. This is the role banks and government departments are filling fastest in 2026. Expect heavy involvement with cryptographic agility frameworks and crypto-bills-of-materials (CBOMs).

Cryptographic Standards Engineer — tracks the NIST, IETF (TLS, IKEv2, X.509), ETSI and 3GPP working groups, contributes interoperability test results, and translates draft standards into internal implementation guidance. Common at NCSC, the larger banks and at PQC vendors.

Security Researcher (PQC / quantum-safe) — side-channel analysis of lattice schemes, fault-injection testing, formal verification, and increasingly research into the next round of NIST candidates (HQC, BIKE-style backups). Concentrated in academia (Bristol, Surrey, Royal Holloway), at NCSC's research arms, and at vendors like PQShield and Post-Quantum Ltd.

Quantum-Safe Network Engineer — integrates PQC into network appliances, SD-WAN, telco core and increasingly into QKD-adjacent products. Often a path in for senior network security engineers who already know IPsec, MACsec and TLS 1.3.

A couple of hybrid roles are appearing too: "Crypto-Agility Lead" (often a programme management title in financial services) and "PQC Solutions Architect" (vendor-side, pre-sales). Neither is yet a standardised role, and titles vary widely.

What Do PQC Roles Pay in the UK?

Salary data for such a young specialism should be read with caution — there are not yet enough public postings to derive tight statistical bands, so the figures below are blended from advertised roles, recruiter conversations and Glassdoor-style aggregates in early-to-mid 2026.

• Junior cryptography engineer (0–2 years): £55,000–£75,000 in London; £50,000–£68,000 outside London. NCSC graduate-pathway roles in Cheltenham tend to sit at the lower end of this band but carry pension and clearance value.

• Mid-level PQC engineer (3–6 years): £80,000–£110,000 in London; £75,000–£100,000 in Manchester, Edinburgh or Cheltenham.

• Senior PQC engineer / architect (7+ years): £120,000–£160,000 base in London financial services; £110,000–£140,000 in defence/government primes.

• Principal / staff cryptographer: £150,000–£200,000+ base at Cloudflare UK, the tier-1 banks and the best-funded PQC vendors, with meaningful equity at venture-backed firms.

Contractor day rates are where the migration crunch shows most clearly. Outside-IR35 PQC engineering contracts in the City are commonly advertised at £750–£1,000 per day. SC- or DV-cleared PQC specialists working into MOD, NCSC partners or defence primes routinely command £900–£1,400 per day in 2026, and short-burst lattice-cryptography assignments occasionally clear that ceiling.

Two caveats. First, the "cleared premium" is real but illiquid — clearance takes months and cannot be transferred between sponsors freely. Second, equity in early-stage PQC vendors is genuinely speculative; weigh it accordingly against a Bank of England or HSBC permanent package.

Top UK Employers Hiring

The buyers fall into four clusters.

Government and intelligence. The NCSC in Cheltenham is recruiting across PQC research, standards engagement and assurance, often in partnership with GCHQ. Roles typically require sole UK nationality and DV clearance. Defence Science and Technology Laboratory (Dstl) hires adjacent PQC researchers.

Defence primes and consultancies. BAE Systems Digital Intelligence, Leonardo UK, Roke and the cyber arms of the Big Four are all running PQC migration practices serving HMG and critical national infrastructure. Cleared PQC architects are the scarcest commodity here.

Financial services. HSBC, Barclays, NatWest Group, Lloyds Banking Group, Standard Chartered and the Bank of England are all hiring PQC migration architects and engineers. The Bank of England has been particularly vocal about cryptographic agility in its operational resilience guidance, and the major banks now treat PQC readiness as a board-level matter. London is the centre of gravity, with secondary hubs in Edinburgh and Manchester.

Infrastructure and PQC specialists. Cloudflare UK has been deploying hybrid PQC TLS in production for several years and continues to hire cryptography engineers in London. UK PQC vendors include Arqit Quantum (London-listed, focused on symmetric key agreement), Post-Quantum Ltd (London, identity and PQC VPN), PQShield (Oxford, IP cores and software libraries) and KETS Quantum Security (Bristol, on the QKD side but recruiting PQC integrators). Telcos — BT, Vodafone, and the network-equipment side of Ericsson UK and Nokia UK — are quietly building PQC teams to handle telecoms-core migration.

Skills UK Employers Are Asking For

The job specs have converged on a fairly consistent shopping list in 2026. Most postings expect a working subset of:

• NIST PQC algorithms — ML-KEM (Kyber) for KEM, ML-DSA (Dilithium) and FN-DSA (Falcon) for signatures, SLH-DSA (SPHINCS+) as a hash-based backstop, plus awareness of HQC and the ongoing "round 4" candidates.

• Cryptographic agility — designing systems so that algorithms, parameters and key sizes can be swapped without re-architecting. CBOM tooling (CycloneDX crypto extensions) is increasingly mentioned.

• OpenSSL / BoringSSL / liboqs integration — patching, building and benchmarking PQC-enabled TLS stacks. Familiarity with the IETF hybrid key exchange drafts is expected.

• TLS 1.3 hybrid mode — X25519+ML-KEM hybrids in particular, plus the operational realities (handshake size, MTU, middlebox tolerance).

• HSM integration — getting PQC keys into and out of nCipher, Thales, AWS CloudHSM and Azure Key Vault, and understanding FIPS 140-3 certification timelines for PQC modules.

• Side-channel awareness — constant-time implementation, masking, and at least a reading-level familiarity with the lattice attack literature.

• PKI and certificate lifecycle — X.509 with PQC signatures, certificate transparency implications, ACME extensions.

• Programme and risk skills — for architect roles, the ability to translate the NCSC roadmap into a defensible board-level migration plan.

A maths or computer science degree with a cryptography element helps, but is not strictly required for engineering roles; demonstrated work on liboqs, OpenSSL forks, or PQC bake-offs counts for a lot.

How to Transition From Traditional Cryptography or InfoSec

Three transition paths are working well in 2026.

From classical cryptography. Cryptographers already working on RSA, ECC, TLS or PKI have the shortest jump. The main upskilling is in lattice mathematics (LWE, Module-LWE, NTRU) and the practical performance characteristics of PQC primitives. A few months of liboqs work and a contribution to an open hybrid TLS stack is usually enough to be hireable.

From security engineering. Application security engineers, AppSec leads and platform security engineers can move into PQC migration engineering by leaning on their existing knowledge of TLS, PKI, HSMs and certificate lifecycle, and adding the algorithm-specific layer on top. The Open Quantum Safe project's documentation is a good starting point, and Royal Holloway's part-time MSc in Information Security has a strong cryptography track.

From quantum hardware or research. Physicists and quantum engineers crossing over from QKD or hardware teams (including from KETS in Bristol or the various NQCC-affiliated groups) tend to land in research-flavoured roles at NCSC, PQShield or the academic PQC groups. The gap to close is software engineering discipline rather than mathematics.

Clearance is the single biggest accelerator for UK-only candidates. SC clearance opens defence primes and most government adjacent work; DV is required for the deepest NCSC and GCHQ roles and is worth pursuing if you are eligible.

Frequently Asked Questions: PQC Jobs UK

Is the NCSC really mandating PQC by 2030?

Not quite — the headline date in the NCSC's published roadmap is 2035 for full migration, with 2028 (discovery and planning) and 2031 (high-priority upgrades) as the interim milestones. The "2030" shorthand comes from the 2031 milestone slipping into general industry conversation. For regulated sectors the 2031 date is the one that drives hiring plans.

Do I need a PhD to work in PQC?

For research roles at NCSC, PQShield or in academia, generally yes or equivalent published work. For engineering, migration architecture and most bank roles, no — a strong software engineering background with demonstrable cryptography work is typically sufficient.

What clearance do I need for UK PQC roles?

It varies. Cloudflare UK, the banks and most vendor roles need no clearance. Defence primes typically want SC. NCSC and GCHQ roles, and some Bank of England and CNI-adjacent work, require DV and sole UK nationality.

Is London the only hub?

It is the largest, but Cheltenham (NCSC, GCHQ and their supply chain), Bristol (KETS, university PQC research), Oxford (PQShield) and Edinburgh (NatWest, financial services) are all credible secondary hubs. Hybrid working is the norm at the banks and at Cloudflare UK; cleared roles are usually more office-bound.

How does PQC pay compare to general cyber security?

Roughly a 15–25% premium over equivalent-seniority general cyber security roles in 2026, on our read of the postings — though sample sizes are small and the premium may compress as the talent pool grows.

Should I learn Kyber/Dilithium or wait for the next round?

Learn ML-KEM (Kyber) and ML-DSA (Dilithium) first — they are the standardised primitives every UK migration plan is being built around. SLH-DSA (SPHINCS+) is worth understanding as a hash-based fallback. HQC and the IETF hybrid drafts are sensible follow-ons. The fundamentals of lattice-based cryptography will transfer to whatever comes next.

Summary

Post-quantum cryptography has moved from a research curiosity to a UK-wide engineering programme in the space of about three years. The NCSC's 2028/2031/2035 roadmap, the finalised NIST standards, and the "harvest now, decrypt later" threat together explain why NCSC, the tier-1 banks, defence primes and UK PQC vendors are all hiring into 2026. Salary bands run from roughly £55,000 for juniors to £200,000+ for principals, with cleared contractor day rates of £900–£1,400 reflecting genuine scarcity. If you already work in classical cryptography, security engineering or quantum hardware, the transition path is real and the window — through 2028 in particular — is unusually favourable.

Browse current post-quantum cryptography jobs in the UK at quantumcomputingjobs.co.uk — the UK's specialist board for quantum, PQC and quantum-safe roles in London, Cheltenham, Bristol and beyond.