Security/Certification Engineer - FIPS/CC (Mobile Devices)

FocusKPI is looking for a Security/Certification Engineer - FIPS/CC (Mobile Devices) to join one of our clients, a high-tech SaaS company.

The client team is looking for an individual with experience in the common criteria evaluations of IT products and who has experience with FIPS validation of cryptographic modules (FIPS 140-3). This person will be responsible for the end-to-end validation of the products, performing initial assessments of the security functions and specifications; consulting with various teams in the development of the process, design, and documentation required for the standard criteria evaluations of their Mobile Device products and the FIPS 140-2/3 accreditation of our cryptographic modules.

Work Location: Mountain View, CA
Duration: 12-month contract; hybrid role (on-site 3 days a week)
Pay Range: $75/hr to $86/hr

Responsibilities:

• Develop the security target for their products, assist with the testing and documentation, and work with the necessary engineering teams during the evaluation.
• Develop plans and procedures using applicable security controls, including NIAP Protection Profiles (MDFPP, VPN, WLAN, Biometric enrollment, and verification); assist with the CAVP algorithm testing; draft and review the security policies for their cryptographic modules according to the FIPS 140-3 specifications; possess information around the DCID 6/3, DoD 8500, or NIST SP 800-53.
• Assist in the development and review of all test reports and required certification documentation for all the Common Criteria evaluations and FIPS 140-2/3 accreditation.
• Experience building testing environments, performing testing, and reporting results (technical writing) for all of the standard criteria and FIPS evaluations.
• Develop mitigation strategies to address vulnerabilities uncovered during security testing, and assist with completing all the required documentation to meet the specifications and certification requirements, as required.
• Perform vulnerability analysis of product or system designs against applicable security criteria using standard tools, including Nessus, NMAP, and Wireshark.
• Project POC with the Internal/External audience when required.

Qualifications:

• 5+ years of technical experience in Common Criteria evaluations, NIAP-managed Common Criteria Evaluation and Validation Scheme (CCEVS or Scheme) of any product in the US scheme. Knowledge of mobile devices and Software is highly desirable.
• Bachelor's Degree in Electrical Engineering, Computer/Information Science, Information Assurance/Cybersecurity, or equivalent degree (Master's Degree preferred).
• Knowledge of standard security-related protocols and their design (i.e., SSH, IPsec, TLS, etc.).
• Be highly proficient in FIPS 186-4/5, SP 800-186, SP800-90B, and the FIPS 140-3 requirements and have knowledge around the cryptographic encryption algorithms, key exchange algorithms, hashing/message authentication algorithms, PKI, and random number generators.
• Self-motivated individual with the ability to thrive in a team-based or independent environment.
• Detail-oriented with strong organization skills.
• Ability to work in a fast-paced environment.
• Limited supervision and the exercise of discretion.
• Ability to comprehend security standard requirements and specifications and apply them to products.
• Excellent communication (written/verbal) skills and analytical skills.

Thank you!

FocusKPI Hiring Team