FIPS 140-2/3 Security Assurance Engineer

Website COACT, Inc

Job description:

The Engineer will perform documentation review, source code review, and testing of hardware/software/firmware cryptographic devices to obtain a complete in-depth understanding of the security mechanisms and operations of products for validation against compliance with the Federal Information Processing Standard (FIPS) 140-2 and 140-3, Security Requirements for Cryptographic Modules.

Responsibilities include:

· Participation in FIPS 140-2 and FIPS 140-3 crypto validations,

· Configure and test network devices such as routers, switches, firewalls, IDS/IPS, etc.,

· Develop evaluation documentation,

· Prepare and execute test plans,

· Participation in technical communities,

· Participation in Gap Analysis Workshops

· Understanding the FIPS 140 standards, Derived Test Requirements (DTRs), and other related standards and guidance as it relates to the client’s product.

· Reviewing the client’s documentation and becoming familiar with the product components to be tested.

· Developing specific tests for each test element as it relates to the product.

· Performing complex analysis of product design.

· Testing and debugging cryptographic algorithms and modules including but not limited to cryptographic libraries, software applications, smart cards, and enterprise devices.

· Generate test reports.

Required Qualifications

· 1- 2 years of general lab experience and 1-year specialized experience validating products.[RS1] General experience includes multiple aspects of cryptography, including experience from the mathematical disciplines and the demonstrated ability to work independently or under only general supervision.

· Specialized experience includes analyzing, testing, or developing symmetric and public-key cryptographic algorithms including but not limited to AES, SHS, RSA, etc.

· 1-3 years of experience with FIPS 140-2

· In-depth understanding of network devices, ability to configure, deploy, and troubleshoot network and configurations

· Understanding of foundational networking protocols as well as secure communications protocols and the ability to describe correct behavior and identify anomalies

· Ability to use tools such as Wireshark, tcpdump or similar to record and analyze packet captures of network traffic

· Experience working with Unix-like operating systems (Linux, BSD, Solaris)

· Demonstrated ability to think critically and adapt to new circumstances and technology platforms

· Excellent written and verbal communication skills.

· Project management experience in a technical environment to plan, schedule and execute project tasks.

To apply for this job email your details to