Searching for Security Engineer, FIPS/CC (Mobile Devices) for Mobile Device company

Direct message the job poster from OSI Engineering

A global device company is seeking a highly skilled and experienced individual to lead security and certification initiatives, particularly in achieving FIPS validation of cryptographic modules (FIPS 140-3) and Common Criteria certification for IT products. This is a hands-on role with significant collaboration opportunities within the Mobile Experience Security division and other global security teams.

• Responsibilities:Lead the end-to-end validation process for IT products, including:
• Initial assessment of security functions and specifications.
• Development of security targets for products.
• Testing, documentation, and consultation with engineering teams.
• Develop and review security targets, plans, and procedures aligned with applicable security controls such as NIAP Protection Profiles (e.g., MDFPP, VPN, WLAN, Biometric Enrollment/Verification).
• Assist with CAVP algorithm testing and draft/review security policies for cryptographic modules following FIPS 140-3 specifications.
• Create and review certification documentation for Common Criteria evaluations and FIPS 140-2/3 accreditation.
• Build and manage testing environments, perform testing, and generate technical reports for Common Criteria and FIPS evaluations.
• Perform vulnerability analysis on product/system designs against applicable security criteria using tools like Nessus, NMAP, and Wireshark.
• Develop mitigation strategies for vulnerabilities identified during security testing.
• Act as the primary project point of contact (POC) for internal and external stakeholders.
• Required Skillset:
• 5+ years of technical experience with Common Criteria evaluations under the NIAP-managed Common Criteria Evaluation and Validation Scheme (CCEVS) for U.S. products. Hands-on experience with FIPS 140-3 validation.
• Expertise in cryptographic encryption algorithms, key exchange protocols, PKI, random number generators, and hashing/message authentication algorithms.
• Proficiency in vulnerability analysis tools such as Nessus, NMAP, and Wireshark.
• Proficiency in FIPS 186-4/5, SP 800-186, SP 800-90B, and FIPS 140-3 requirements.
• Knowledge of security protocols (e.g., SSH, IPsec, TLS).
• Strong technical writing skills and ability to document testing processes and results.
• Ability to comprehend and apply security standard requirements to product development.
• Bachelor's Degree in Electrical Engineering, Computer/Information Science, Information Assurance/Cybersecurity, or equivalent degree (Master's Degree preferred).

Type: Contract

Duration: 6 months with possibility to extend

Location: Remote

Pay Rate Range: $75.30 - $86.10

• Seniority level
  Mid-Senior level

• Employment type
  Contract

• Industries
  Software Development and Computer and Network Security

Referrals increase your chances of interviewing at OSI Engineering by 2x

Allen, TX $89,865.00-$155,767.00 19 hours ago

United States $90,000.00-$110,000.00 3 months ago

Washington, DC $110,000.00-$165,000.00 5 months ago

St Louis, MO $100,000.00-$135,000.00 1 week ago

United States $115,000.00-$145,000.00 2 weeks ago

United States $72,200.00-$114,500.00 1 hour ago

United States $160,000.00-$190,000.00 2 weeks ago

United States $135,000.00-$175,000.00 12 months ago

Columbus, OH $95,000.00-$128,000.00 1 week ago

South Carolina, United States 2 weeks ago

Reston, VA $110,000.00-$130,000.00 4 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.