Security Engineer
Role details
Job location
Tech stack
Job description
- Support FIPS 140 validation projects across multiple technology and product types.
- Perform general security analysis and product architecture evaluations.
- Conduct vulnerability testing and physical security testing activities.
- Perform system-level logical analysis and product evaluations against applicable technology standards and Protection Profiles.
- Execute cryptographic and Public Key Infrastructure (PKI) testing activities.
- Perform cryptographic algorithm validation and testing.
- Conduct source code reviews and security analysis activities.
- Develop and maintain technical reports and validation documentation.
- Create automation scripts and applications to support testing activities and test case execution.
- Develop tools and scripts to improve testing efficiency and repeatability.
- Build and maintain testing environments and supporting lab infrastructure.
- Analyze testing results and provide technical recommendations.
- Support design reviews and product architecture assessments.
Requirements
-
Experience with Python programming language.
-
Experience with debugging tools and methodologies including:
-
Android Debug Bridge (ADB)
-
WinDBG
-
Visual Studio debugging tools
Experience performing statistical analysis of entropy sources.
Knowledge of cryptographic encryption algorithms.
Knowledge of key exchange algorithms and hashing/message authentication algorithms.
Understanding of Public Key Infrastructure (PKI) concepts and implementations.
Knowledge of random number generators and entropy generation techniques.
Experience with one or more programming languages including:
- C
- C++
- Python
- Java
Ability to interpret and apply security standard requirements to commercial products.
Experience configuring test environments and laboratory systems.
Understanding of networking fundamentals including:
- TCP/IP
- Subnetting
- Routing
Knowledge of secure communication protocols including:
- SSH
- IPsec
- TLS
Experience performing testing, documenting results, and technical report writing.
Strong troubleshooting and analytical problem-solving skills.
Experience with scripting and testing automation.
Preferred / Nice-to-Have Skills
-
Cryptographic Validation Program (CVP) Certification.
-
Knowledge of OpenSSL and/or OpenPGP.
-
Vulnerability assessment or penetration testing experience.
-
Strong understanding of computer security principles and industry best practices.
-
Knowledge of Active Directory and Linux administration.
-
Experience with X.509 certificate validation.
-
Experience with laboratory and electrical testing equipment including:
-
Oscilloscopes
-
Function generators
-
Multi-meters
-
Signal generators
Industry certifications including:
- CCNA
- CCNP
- CCIE
- JNCIA
- JNCIS
- JNCIP
- JNCIE, * Bachelor''s degree in Computer Science, Cybersecurity, Information Assurance, Electrical Engineering, Computer Engineering, or a related technical discipline.
- Typically requires a Bachelor''s degree with 2-4 years of relevant professional experience.
- Strong multitasking, organization, and time management skills.
- Strong written and verbal communication skills.
- Ability to work effectively in a collaborative laboratory and testing environment.