Experience with security evaluations and certification documentation (Common Criteria, FIPS 140-2/3).
Knowledge of NIAP Protection Profiles and security controls (MDFPP, VPN, WLAN, Biometric enrollment and verification) and familiarity with FIPS 140-3 requirements.
Experience building testing environments, conducting tests, and producing technical writing for security evaluations.
Proficiency in vulnerability analysis using tools such as Nessus, NMAP, and Wireshark; ability to develop mitigation strategies.
Requirements:
Develop the security target for our products, assist with testing, documentation and coordination with engineering teams during evaluations.
Develop plans and procedures using applicable security controls, including NIAP Protection Profiles (MDFPP, VPN, WLAN, Biometric enrollment and verification); assist with CAVP algorithm testing, and draft/review security policies for cryptographic modules according to FIPS 140-3 specifications (DCID 6/3, DoD 8500, and NIST SP 800-53).
Assist in the development and review of all test reports and required certification documentation for Common Criteria evaluations and FIPS 140-2/3 accreditation.
Perform vulnerability analysis of product or system designs against applicable security criteria using common tools, including Nessus, NMAP, and Wireshark.
Job description
Enter Job Description.
100% Remote Role.
Develop the security target for our products, assist with the testing,documentation and working with the necessary engineering teams during the evaluation.
Develop plans and procedures using applicable security controls, including NIAP Protection Profiles (MDFPP, VPN, WLAN, Biometric enrollment, and verification), assist with the CAVP algorithm testing ,drafting and review of the security policies for our cryptographic modules according to the FIPS 140-3 specifications, possess information around the DCID 6/3, DoD 8500, or NIST SP 800-53.
Assist in the development and review of all test reports and required certification documentation for all the Common Criteria evaluations and FIPS 140-2/3 accreditation.
Experience building testing environments, performing testing and reporting results (technical writing) for all of the common criteria and FIPS evaluations.
Develop mitigation strategies to address vulnerabilities uncovered during security testing; and assist with completing all the required documentation to meet the specifications and certification requirements, as required.
Perform vulnerability analysis of product or system designs against applicable security criteria using common tools, including Nessus, NMAP, and Wireshark.
Project POC with Internal/External audience when required.
EEO Employer LanceSoft is a certified Minority Business Enterprise (MBE) and an equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. LanceSoft makes hiring decisions based solely on qualifications, merit, and business needs at the time.
