Senior Security Evaluator at SGS

Columbia, Maryland, United States -

Full Time

Start Date

Immediate

Expiry Date

13 Jan, 26

Salary

98000.0

Posted On

15 Oct, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Security Compliance Analysis, Vulnerability Analysis, Test Plans Development, Documentation Analysis, Source Code Analysis, Mitigation Strategies, Security Testing, Cryptographic Algorithms, Operating Systems, Networking, Database Systems, Programming Languages, Computer Systems Architectures, Team Leadership, Mentoring, Technical Controls

Industry

Professional Services

Description

Company Description SGS is the global leader and innovator in inspection, verification, testing and certification services. Founded in 1878, SGS is recognized as the global benchmark in quality and integrity. With over 97,000 employees in 130 countries and operating a network of more than 2,400 offices and laboratories, we provide services to almost every industry by assuring quality and safety of products and services. Trusted all over the world, SGS is a market leader because we put 100% passion, pride and innovation into everything we do. We encourage new ideas. We welcome people who challenge the way we do things. And we will be 100% committed to helping you reach your full potential. Job Description A senior engineer must be well versed in, but not limited to, operating systems, data structures, design/analysis of algorithms, database systems, programming languages, computer systems architectures, and networking and will be responsible to work independently as well as lead teams and mentor junior engineers to conduct security compliance analysis or testing of operational, management, and technical controls for IT products, including COTS and GOTS, networks, and systems. This may include: Develop test plans and procedures using applicable security control catalog, including DCID 6/3, DoD 8500, or NIST SP 800-53; Perform security testing and vulnerability analysis of product or system designs against applicable security criteria using common tools such as Nessus, NMAP, and WireShark; Perform other evaluation activities, including but not limited to documentation and source code analysis, where applicable; Develop security testing and other evaluation reports to detail the findings noted during testing and other evaluation activities; Develop mitigation strategies to address vulnerabilities uncovered during security testing; facilitate and coordinate development of or updates to security documentation to meet certification and authorization requirements as required; Work effectively and efficiently either alone and with other team members to accomplish the tasks summarized above; and, Work with the organization managers to help identify and implement changes that could improve the overall effectiveness of the organization. Qualifications Education and ExperienceEducation Requirement Bachelor’s degree, science or computer degree preferred. 5+ years of experience, training, knowledge, or familiarity in the following areas: 17CAV, 17CMH, and 17CMS Validation Program’s programmatic guidance and management documents The cryptographic algorithms listed in FIPS 140-2 annexes Random bit generators and entropy requirements Key establishment methods and concepts Specification of the module (e.g. hardware, software, hybrid, and/or firmware) Module ports and interfaces; Trusted path and direct entry methods; Specification of roles and services; Authentication methods (role and identity-based) and strengths Bypass mechanisms and concepts Finite state machine model analysis Development of test jigs, software debuggers, binary editors, compilers, and software diagnostic tools Software design specification, including high-level languages Operating system and concepts (e.g., Microsoft, UNIX, LINUX, ARM, Apple, etc.) Key management techniques and concepts Zeroization methods Key entry and output The cryptographic protocols, including, but not limited to, SSL, TLS, IKE, SSH, OTAR, etc. FCC EMI/EMC Class A and Class B requirements and intentional emitters such as radio devices Cryptographic self-test techniques, including, but not limited to, power-up, conditional tests, known answer tests, integrity tests, load and bypass tests, etc. Design assurance, such as configuration management, delivery, operation, and development Mitigation of other attack mechanisms Security policy requirements (e.g. FIPS 140-2 Appendix C) 17 CMH1 Security Levels 1 to 3 Production grade, tamper-evident, and tamper detection techniques Hardware implementations and technologies associated with single-chip and multi-chip embodiments Epoxies, potting materials, adhesives (e.g. tamper-evident labels), and their chemical properties Electrical design, schematics, and concepts, including logic design and HDL representations Skills associated with tamper mitigation methods and performing test methods of compromising tamper protection mechanisms 17CMH2 Security Level 4 Voltage and temperature measurement (Environmental Failure Protection/Environmental Failure Testing (EFP/EFT)) Tamper detection/response envelopes Formal modeling method 17 CMS1 Security Levels 1 to 3 Evaluated operating systems under the Common Criteria EAL2 through EAL3 or equivalents 17CMS2 Security Level 4 Evaluated operating systems under the Common Criteria EAL4 or equivalent Pay Range: $73,500-$98,000/ year Additional Information Benefits Competitive salary. Comprehensive health, dental, and vision insurance for full time employees. Retirement savings plan. Continuous professional development and training opportunities. A dynamic, collaborative work environment. Access to cutting-edge cryptographic technology and tools. Physical Demands of the Job Stand: Occasionally Move or traverse: Frequently Sit: Constantly Use hands: Constantly Reach with hands and arms: Occasionally Climb or balance: Occasionally Stoop, kneel, crouch or crawl: Occasionally Talk/hear: Constantly Taste/Smell: Occasionally Lift/carry/push or pull: Occasionally 30 lbs Additional information SGS is an Equal Opportunity Employer, and as such we recruit, hire, train, and promote persons in all job classifications without regard to race, color, religion, sex, national origin, disability, age, marital status, sexual orientation, gender identity or expression, genetics, status as a protected veteran, or any other characteristics protected by law. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed above are representative of the knowledge, skills, and/or abilities required. This job description should not be construed as an exhaustive statement of duties, responsibilities or requirements, but a general description of the job. Nothing contained herein restricts the company’s rights to assign or reassign duties and responsibilities to this job at any time. If you are applying for a position within the United States and you have difficulty completing the on-line employment application because of a disability, please call 201-508-3149 for assistance and leave a message. You will receive a callback. Please note, this phone number is not for general employment information but is only for individuals who are experiencing difficulty applying for a position due to a disability.

Responsibilities

The Senior Security Evaluator will lead teams and mentor junior engineers in conducting security compliance analysis and testing of IT products. Responsibilities include developing test plans, performing security testing, and creating evaluation reports.