FocusKPI is looking for a Security/Certification Engineer - FIPS/CC (Mobile Devices) to join one of our clients, a high-tech SaaS company.
The client team is looking for an individual with experience in Common Criteria evaluations of IT products and with FIPS validation of cryptographic modules (FIPS 140-3). This person will be responsible for the end-to-end validation of the products: performing the initial assessment of the security functions and specifications, and consulting with various teams in the development of the process, design, and documentation required for the Common Criteria evaluations of their Mobile Device products and the FIPS 140-2/3 accreditation of our cryptographic modules.
**No C2C resumes are considered**
Work Location: Remote position
Duration: 6 months with a high potential for extension depending on your performance. There may also be a future opportunity to convert to a full-time position, based on the candidate's performance and the team's needs.
Pay Range: $75/hr to $86/hr
Responsibilities:
- Develop the security target for their products, assist with the testing and documentation, and work with the necessary engineering teams during the evaluation.
- Develop plans and procedures using applicable security controls, including NIAP Protection Profiles (MDFPP, VPN, WLAN, Biometric enrollment, and verification); assist with the CAVP algorithm testing; draft and review the security policies for their cryptographic modules according to the FIPS 140-3 specifications; possess knowledge of DCID 6/3, DoD 8500, or NIST SP 800-53.
- Assist in the development and review of all test reports and required certification documentation for all the Common Criteria evaluations and FIPS 140-2/3 accreditation.
- Experience building testing environments, performing testing, and reporting results (technical writing) for all of the standard criteria and FIPS evaluations.
- Develop mitigation strategies to address vulnerabilities uncovered during security testing, and assist with completing all the required documentation to meet the specifications and certification requirements, as required.
- Perform vulnerability analysis of product or system designs against applicable security criteria using standard tools, including Nessus, Nmap, and Wireshark.
- Serve as project POC for internal/external audiences when required.
Qualifications:
- 5+ years of technical experience in Common Criteria evaluations under the NIAP-managed Common Criteria Evaluation and Validation Scheme (CCEVS or Scheme) of any product in the US scheme. Knowledge of mobile devices and software is highly preferred.
- Bachelor's Degree in Electrical Engineering, Computer/Information Science, Information Assurance/Cybersecurity, or equivalent degree (Master's Degree preferred).
- Knowledge of standard security-related protocols and their design (e.g., SSH, IPsec, TLS).
- Be highly proficient in standards like FIPS 186-4/5, SP 800-186, SP 800-90B, and the FIPS 140-3 requirements, and have knowledge of cryptographic encryption algorithms, key exchange algorithms, hashing/message authentication algorithms, PKI, and random number generators.
- Self-motivated individual with the ability to thrive in a team-based or independent environment.
- Detail-oriented with strong organization skills.
- Ability to work in a fast-paced environment.
- Ability to work with limited supervision and exercise discretion.
- Ability to comprehend security standard requirements and specifications and apply them to products.
- Excellent communication (written/verbal) skills and analytical skills.
Thank you!
FocusKPI Hiring Team
Founded in 2010, FocusKPI, Inc. (FocusKPI) is a data science and technology firm specializing in predictive analytics practice and methodologies. FocusKPI is a US company headquartered in Silicon Valley, California, with an East Coast office in Boston, Massachusetts.
NOTICE: Please be aware of fraudulent emails regarding job postings, job offers and fake checks. FocusKPI's recruiting team will strictly reach out via the @focuskpi.com email domain. If you have received fraudulent emails now or in the past, please report it to . The domain @focuskpijobs.com is fraudulent and not related to FocusKPI. Please do not reply to or communicate with anyone using @focuskpijobs.com.