OSI Engineering

Compensation

Full Description

A global device company is seeking a highly skilled and experienced individual to lead security and certification initiatives, particularly in achieving FIPS validation of cryptographic modules (FIPS 140-3) and Common Criteria certification for IT products. This is a hands-on role with significant collaboration opportunities within the Mobile Experience Security division and other global security teams. Responsibilities: • Lead the end-to-end validation process for IT products, including: • Initial assessment of security functions and specifications. • Development of security targets for products. • Testing, documentation, and consultation with engineering teams. • Develop and review security targets, plans, and procedures aligned with applicable security controls such as NIAP Protection Profiles (e.g., MDFPP, VPN, WLAN, Biometric Enrollment/Verification). • Assist with CAVP algorithm testing and draft/review security policies for cryptographic modules following FIPS 140-3 specifications. • Create and review certification documentation for Common Criteria evaluations and FIPS 140-2/3 accreditation. • Build and manage testing environments, perform testing, and generate technical reports for Common Criteria and FIPS evaluations. • Perform vulnerability analysis on product/system designs against applicable security criteria using tools like Nessus, NMAP, and Wireshark. • Develop mitigation strategies for vulnerabilities identified during security testing. • Act as the primary project point of contact (POC) for internal and external stakeholders. • Required Skillset: • 5+ years of technical experience with Common Criteria evaluations under the NIAP-managed Common Criteria Evaluation and Validation Scheme (CCEVS) for U.S. products. Hands-on experience with FIPS 140-3 validation. • Expertise in cryptographic encryption algorithms, key exchange protocols, PKI, random number generators, and hashing/message authentication algorithms. • Proficiency in vulnerability analysis tools such as Nessus, NMAP, and Wireshark. • Proficiency in FIPS 186-4/5, SP 800-186, SP 800-90B, and FIPS 140-3 requirements. • Knowledge of security protocols (e.g., SSH, IPsec, TLS). • Strong technical writing skills and ability to document testing processes and results. • Ability to comprehend and apply security standard requirements to product development. • Bachelor's Degree in Electrical Engineering, Computer/Information Science, Information Assurance/Cybersecurity, or equivalent degree (Master's Degree preferred). Type: Contract Duration: 6 months with possibility to extend Location: Remote Pay Rate Range: $75.30 - $86.10 Remote Skills: Algorithms, Authentication, Certification Evaluation, Computer Science, Computer Security, Cryptography, Cryptography Algorithms, Documentation, Electrical Engineering, FIPS (Federal Information Processing Standards) 140, FIPS (Federal Information Processing Standards) 140-2, Federal Information Processing Standards (FIPS), IPsec (IP Security), Information Science, Information/Data Security (InfoSec), Internet Security, Mobile Devices, NMap, National Information Assurance Partnership (NIAP), Nessus, Product Design, Product Development, Public Key Infrastructure (PKI), Quality Assurance Methodology, Reporting Skills, SSH (Secure Shell), SSL-TLS (Secure Socket Layer - Transport Layer Security), Security Analysis, Security Protocols, Strategic Planning, Technical Writing, Test Plan/Schedule, Testing, VPN (Virtual Private Network), Wireless LAN, Wireshark (Ethereal), Writing Skills About the Company: OSI Engineering