Security/Certification Engineer - FIPS/CC (Mobile Devices)

FocusKPI is looking for aSecurity/Certification Engineer - FIPS/CC (Mobile Devices)to join one of our clients, a high-tech SaaS company.

The client team is looking for an individual with experience in the common criteria evaluations of IT products and who has experience with FIPS validation of cryptographic modules ( FIPS 140-3). This person will be responsible forthe end-end validation of the products (performing initial assessment of the security functions and specifications; consult with various teams in the development of the process, design, and documentation required for the common criteria evaluations of their Mobile Device products and the FIPS 140-2/3 accreditation of our cryptographic modules.

**No C2C resumes are considered**

Work Location:Remote position
Duration:6 months with a high potential for extension depending on your performance.There may also be a future opportunity to convert to a full-time position, based on the candidate's performance and the team's needs.
Pay Range:$75/hr to $86/hr

Responsibilities:

• Develop the security target for their products, assist with the testing and documentation, and work with the necessary engineering teams during the evaluation.
• Develop plans and procedures using applicable security controls, including NIAP Protection Profiles (MDFPP, VPN, WLAN, Biometric enrollment, and verification); assist with the CAVP algorithm testing; draft and review the security policies for their cryptographic modules according to the FIPS 140-3 specifications; possess information around the DCID 6/3, DoD 8500, or NIST SP 800-53.
• Assist in the development and review of all test reports and required certification documentation for all the Common Criteria evaluations and FIPS 140-2/3 accreditation.
• Experience building testing environments, performing testing, and reporting results (technical writing) for all of the standard criteria and FIPS evaluations.
• Develop mitigation strategies to address vulnerabilities uncovered during security testing, and assist with completing all the required documentation to meet the specifications and certification requirements, as required.
• Perform vulnerability analysis of product or system designs against applicable security criteria using standard tools, including Nessus, NMAP, and Wireshark.
• Project POC with the Internal/External audience when required.

• 5+ years of technical experience in Common Criteria evaluations, NIAP-managed Common Criteria Evaluation and Validation Scheme (CCEVS or Scheme) of any product in the US scheme. Knowledge of mobile devices and Software is highly preferred.
• Bachelor's Degree in Electrical Engineering, Computer/Information Science, Information Assurance/Cybersecurity, or equivalent degree (Master's Degree preferred).
• Knowledge of standard security-related protocols and their design (i.e., SSH, IPsec, TLS, etc.)
• Be highly proficient in standards likeFIPS 186-4/5, SP 800-186, SP800-90B, and the FIPS 140-3 requirements, and have knowledge around the cryptographic encryption algorithms, key exchange algorithms, hashing/message authentication algorithms, PKI, and random number generators.
• Self-motivated individual with the ability to thrive in a team-based or independent environment.
• Detail-oriented with strong organization skills.
• Ability to work in a fast-paced environment.
• Limited supervision and the exercise of discretion.
• Ability to comprehend security standard requirements and specifications and apply them to products.
• Excellent communication (written/verbal) skills and analytical skills.

Thank you!

FocusKPI Hiring Team

Founded in 2010, FocusKPI, Inc. (FocusKPI) is a data science and technology firm specializing in predictive analytics practice and methodologies. FocusKPI is a US company headquartered in Silicon Valley, California, with an East Coast office in Boston, Massachusetts.

NOTICE: Please be aware of fraudulent emails regarding job postings, job offers and fake checks. FocusKPI's recruiting team will strictly reach out via @focuskpi.com email domain. If you have received fraudulent emails now or in the past, please report it to https://reportfraud.ftc.gov/ .
The domain @focuskpijobs.com is fraudulent and not related to FocusKPI. Please do not not reply or communicate to anyone with @focuskpijobs.com.