Common Criteria Product Tester at Leidos
Columbia, MD 21046, USA
Full Time


Start Date

Immediate

Expiry Date

08 Nov, 25

Salary

85150.0

Posted On

09 Aug, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Communication Skills, REST, Common Criteria, IDS, Mobile Device Management, CCNA, Security, PKI, Caffeine, Disk Encryption, Mobile Devices, Information Security, CISSP, Operating Systems, IPsec, Code, IT

Industry

Information Technology/IT

Description

Job #: R-00164041
Location: Columbia, Maryland
Category: Information Assurance
Schedule (FT/PT): Full Time
Travel Required: No
Shift: Day
Remote Type: Hybrid Remote
Clearance: None
External Referral Program: Ineligible
Sector: Digital Modernization
Description
Leidos is searching for a highly motivated product tester to support Common Criteria evaluation efforts with Leidos’ Accredited Testing & Evaluation (AT&E) Laboratory. The ideal candidate is an independent performer who can perform commercial off-the-shelf (COTS) IT product security tests with minimal supervision, including devising product-specific test procedures and performing any configuration procedures necessary to enable the execution of tests. The candidate is also expected to interact with product developers and other technical staff to develop necessary product knowledge and assist in troubleshooting when tests cannot be successfully executed. General IT product knowledge such as networking, operating systems, communications security, identity and access management, and PKI is essential. This is a fast-paced position requiring time management skills to perform multiple product certification efforts in parallel and a thorough understanding of how product security requirements may apply to a wide variety of hardware and software products. The ideal candidate is also able to assist with setup and maintenance of laboratory infrastructure. Software development or DevOps experience is a plus. Previous experience with Common Criteria certification or related standards (FIPS 140, FedRAMP, NIST SP 800-53) is desirable. A minimum of two years of professional experience and a bachelor's degree in a technical discipline related to computer science, mathematics, or information technology is required. Alternatively, additional years of related professional experience may be accepted in lieu of formal education.
This position will be based in Columbia, MD. Telework is acceptable but the preferred candidate can be in-office for regular periods as needed to support efforts that must be performed locally.

BASIC QUALIFICATIONS:

  • Familiarity with general IT security products and their operation (e.g., routers/switches, firewalls, IDS, operating systems, software applications, mobile devices)
  • General knowledge of the role that various IT products and concepts serve in information security (e.g., full disk encryption, mobile device management, remote access/VPN, etc.)
  • Experience with software development lifecycle methods (e.g., agile) and tools (e.g., Subversion, GitLab, Confluence, JIRA)
  • Strong applied knowledge of network, transport, and application layer communications and security (e.g., TCP/IP, TLS, IPsec, SSH, LDAP)
  • Working knowledge of applied cryptography (e.g. X.509, Diffie-Hellman, PKI)
  • Strong customer-facing oral and written communication skills

PREFERRED QUALIFICATIONS:

  • Previous experience with Common Criteria or other IT product security evaluation standards (e.g., FIPS 140, FedRAMP, NIST SP 800-53)
  • One or more technical professional certifications related to information technology communications or security (e.g., CEH, CCNA, CISSP)
  • Knowledge of scripting/programming (e.g., Python) and familiarity with machine-readable data exchange methods (e.g., JSON, REST)

Come break things (in a good way). Then build them smarter.
We’re the tech company everyone calls when things get weird. We don’t wear capes (they’re a safety hazard), but we do solve high-stakes problems with code, caffeine, and a healthy disregard for “how it’s always been done.”

Responsibilities
  • Work with IT product vendors to determine applicability of IT product security standards to products
  • Interpret IT product security standards to determine the compliance or noncompliance of product design based on research of product documentation and interviews with technical personnel
  • Devise, execute, and document security functional testing to justify how tested products are compliant with IT security standards
  • Conduct product troubleshooting and provide recommendations when noncompliant findings are made
  • Conduct vulnerability research to determine if documented security vulnerabilities are adequately mitigated by product configuration and patch level
  • Produce documentation that describes how IT products conform to security requirements
  • Develop user guidance for instructions on placing products into secure configurations
  • Justify completeness, consistency, accuracy, and sufficiency of product test results to third-party quality reviewers