Searching for Security Engineer, FIPS/CC (Mobile Devices) for Mobile Device company

A global device company is seeking a highly skilled and experienced individual to lead security and certification initiatives, particularly in achieving FIPS validation of cryptographic modules (FIPS 140-3) and Common Criteria certification for IT products. This is a hands-on role with significant collaboration opportunities within the Mobile Experience Security division and other global security teams.

• Responsibilities:Lead the end-to-end validation process for IT products, including:
• Initial assessment of security functions and specifications.
• Development of security targets for products.
• Testing, documentation, and consultation with engineering teams.
• Develop and review security targets, plans, and procedures aligned with applicable security controls such as NIAP Protection Profiles (e.g., MDFPP, VPN, WLAN, Biometric Enrollment/Verification).
• Assist with CAVP algorithm testing and draft/review security policies for cryptographic modules following FIPS 140-3 specifications.
• Create and review certification documentation for Common Criteria evaluations and FIPS 140-2/3 accreditation.
• Build and manage testing environments, perform testing, and generate technical reports for Common Criteria and FIPS evaluations.
• Perform vulnerability analysis on product/system designs against applicable security criteria using tools like Nessus, NMAP, and Wireshark.
• Develop mitigation strategies for vulnerabilities identified during security testing.
• Act as the primary project point of contact (POC) for internal and external stakeholders.
• Required Skillset:
• 5+ years of technical experience with Common Criteria evaluations under the NIAP-managed Common Criteria Evaluation and Validation Scheme (CCEVS) for U.S. products. Hands-on experience with FIPS 140-3 validation.
• Expertise in cryptographic encryption algorithms, key exchange protocols, PKI, random number generators, and hashing/message authentication algorithms.
• Proficiency in vulnerability analysis tools such as Nessus, NMAP, and Wireshark.
• Proficiency in FIPS 186-4/5, SP 800-186, SP 800-90B, and FIPS 140-3 requirements.
• Knowledge of security protocols (e.g., SSH, IPsec, TLS).
• Strong technical writing skills and ability to document testing processes and results.
• Ability to comprehend and apply security standard requirements to product development.
• Bachelor's Degree in Electrical Engineering, Computer/Information Science, Information Assurance/Cybersecurity, or equivalent degree (Master's Degree preferred).

Type: Contract

Duration: 6 months with possibility to extend

Location: Remote

Pay Rate Range: $75.30 - $86.10