Searching for Security Engineer, FIPS/CC (Mobile Devices) for Mobile Device company
Direct message the job poster from OSI Engineering
A global device company is seeking a highly skilled and experienced individual to lead security and certification initiatives, particularly in achieving FIPS validation of cryptographic modules (FIPS 140-3) and Common Criteria certification for IT products. This is a hands-on role with significant collaboration opportunities within the Mobile Experience Security division and other global security teams.
- Responsibilities:
- Lead the end-to-end validation process for IT products, including:
  - Initial assessment of security functions and specifications.
  - Development of security targets for products.
  - Testing, documentation, and consultation with engineering teams.
- Develop and review security targets, plans, and procedures aligned with security controls such as NIAP Protection Profiles (e.g., MDFPP, VPN, WLAN, Biometric Enrollment/Verification).
- Assist with CAVP algorithm testing and draft/review security policies for cryptographic modules following FIPS 140-3 specifications.
- Create and review certification documentation for Common Criteria evaluations and FIPS 140-2/3 accreditation.
- Build and manage testing environments, perform testing, and generate technical reports for evaluations.
- Perform vulnerability analysis on product/system designs against security criteria using tools like Nessus, NMAP, and Wireshark.
- Develop mitigation strategies for vulnerabilities identified during security testing.
- Act as the primary project point of contact (POC) for stakeholders.
- Required Skillset:
- 5+ years of experience with Common Criteria evaluations under CCEVS for U.S. products, with hands-on experience in FIPS 140-3 validation.
- Expertise in cryptographic algorithms, key exchange protocols, PKI, random number generators, and hashing/message authentication algorithms.
- Proficiency in vulnerability analysis tools like Nessus, NMAP, and Wireshark.
- Knowledge of FIPS standards (186-4/5, 800-186, 800-90B, 140-3).
- Understanding of security protocols such as SSH, IPsec, TLS.
- Strong technical writing skills for documenting testing processes and results.
- Bachelor's Degree in Electrical Engineering, Computer/Information Science, Cybersecurity, or related field; Master’s preferred.
Type: Contract
Duration: 6 months with possibility to extend
Location: Remote
Pay Rate Range: $75.30 - $86.10
Job function
- Software Development and Computer and Network Security