Searching for Security Engineer, FIPS/CC (Mobile Devices) for Mobile Device company

Company: OSI Engineering
Location: Mountain View
Posted on: February 2, 2025

Job Description:

A global device company is seeking a highly skilled and experienced individual to lead security and certification initiatives, particularly in achieving FIPS validation of cryptographic modules (FIPS 140-3) and Common Criteria certification for IT products. This is a hands-on role with significant collaboration opportunities within the Mobile Experience Security division and other global security teams.

Find out if this opportunity is a good fit by reading all of the information that follows below.



Responsibilities:

Lead the end-to-end validation process for IT products, including:
Initial assessment of security functions and specifications.
Development of security targets for products.
Testing, documentation, and consultation with engineering teams.
Develop and review security targets, plans, and procedures aligned with applicable security controls such as NIAP Protection Profiles (e.g., MDFPP, VPN, WLAN, Biometric Enrollment/Verification).
Assist with CAVP algorithm testing and draft/review security policies for cryptographic modules following FIPS 140-3 specifications.
Create and review certification documentation for Common Criteria evaluations and FIPS 140-2/3 accreditation.
Build and manage testing environments, perform testing, and generate technical reports for Common Criteria and FIPS evaluations.
Perform vulnerability analysis on product/system designs against applicable security criteria using tools like Nessus, NMAP, and Wireshark.
Develop mitigation strategies for vulnerabilities identified during security testing.
Act as the primary project point of contact (POC) for internal and external stakeholders.



Required Skillset:

5+ years of technical experience with Common Criteria evaluations under the NIAP-managed Common Criteria Evaluation and Validation Scheme (CCEVS) for U.S. products. Hands-on experience with FIPS 140-3 validation.
Expertise in cryptographic encryption algorithms, key exchange protocols, PKI, random number generators, and hashing/message authentication algorithms.
Proficiency in vulnerability analysis tools such as Nessus, NMAP, and Wireshark.
Proficiency in FIPS 186-4/5, SP 800-186, SP 800-90B, and FIPS 140-3 requirements.
Knowledge of security protocols (e.g., SSH, IPsec, TLS).
Strong technical writing skills and ability to document testing processes and results.
Ability to comprehend and apply security standard requirements to product development.
Bachelor's Degree in Electrical Engineering, Computer/Information Science, Information Assurance/Cybersecurity, or equivalent degree (Master's Degree preferred).



Type: Contract

Duration: 12+ months

Location: Mountain View, CA (Hybrid)

Pay Rate Range: $80-$95/hr

Keywords: OSI Engineering, Santa Rosa , Searching for Security Engineer, FIPS/CC (Mobile Devices) for Mobile Device company, IT / Software / Systems , Mountain View, California