Senior Security Engineer Corsec Security
THIS JOB HAS EXPIRED Corsec Security is a leading expert in information security certifications. We provide analysis, documentation, and project management services to vendors seeking security certifications for their products. Our dynamic, quickly growing team is in search of talented people with the interest and skill to analyze the latest information security products, provide design consulting and analytical expertise, produce technical documents for our clients, and manage their security validation efforts from start to finish.
Our work appeals to those who love to figure out how something "works", compare product capabilities to system requirements, and document technical findings. Corsec works with state-of-the-art Information Technology hardware and software products, so our employees are constantly challenged to learn new technologies and work with product designers to make necessary security modifications.
Our work also appeals to those who like the responsibility of "running their own project", with both project management and client relationship skills involved. Corsec Security is seeking individuals with experience in cryptography, computer security, computer networking, and computer science and programming to join our team as Senior Security Engineers.
Our Senior Security Engineers spend their time analyzing the architecture, design, and security features of hardware, software, and firmware products from our clients, corresponding closely with clients via phone, email, and video conferences, interfacing with product testing labs, and producing all of the necessary documentation to submit their products to FIPS and/or Common Criteria testing labs. Our Senior Security Engineers coordinate weekly with our clients' development teams, and they monitor the progress of both development and product evaluation teams. Our Senior Security Engineers report to a Lead Engineer, but they manage their own projects throughout the entire life cycle, and they must be able to work independently with little to no supervision.
-Technical strengths in computer science, network theory, and information security.
-Expert-level understanding of computer architecture; security features, and overall workings of current hardware, software, and firmware products.
-Enthusiasm and capability to understand new IT products
-Strong oral communication and presentation skills.
-Expertise and experience in independent academic and technical writing, as evidenced in submission of original writing sample.
-Independent research skills, as evidenced by successful completion of post baccalaureate thesis project and paper or other independent research and publication of results.
-Strong analytical and problem-solving skills.
-Professional demeanor and ability to communicate effectively with clients of all levels of an organization.
-Previous consultative and/or project management experience strongly preferred.
-MS and/or Ph.D required in IT/Networking, Computer Engineering, Cyber Security or other Information Security-related field, from an accredited United States institution.
-3 to 5 years of professional experience in information technology and security required, in addition to related post baccalaureate degree.
-Experience with software and security architectures.
-Professional experience with enterprise grade equipment.
-Expert-level experience with vulnerability analysis and intrusion detection systems.
-Additional skills in cryptography, software development, and/or validation strongly preferred.
-Successful candidates must have expertise in FIPS 140-2 and Common Criteria standards, and familiarity with the UC APL process is also preferred.
-Security clearance not necessary for this position.
-This position is based in Fairfax, VA, and schedules fall within standard work hours of M-F 8:00 am to 6:00 pm.
Independent Analysis/Product Research (Up to 20%)
Detailed analysis of hardware and software cryptographic modules undergoing Federal Information Processing Standards (FIPS) 140-2 validations. Perform gap analysis and provide recommendations regarding design and source code changes required to meet the FIPS requirements.
Extensive technical research and analysis of various cryptographic algorithms (such as AES, Triple-DES, RSA, DSA, SHA-1, SHA-2, HMAC, 186-2 PRNG, SP 800-90 DRBG, ANSI X9.31 PRNG, etc.) and security protocols (such as TLS, SSH, IPsec, etc).
Examine operating system design and documentation to extract pertinent design and function information to ensure conformance to strict CC and FIPS guidelines.
Algorithm testing and debugging for various implementations of the cryptographic algorithms undergoing the FIPS validation.
Complete Security Documentation (Up to 20%)
Independently author technical reports and documentation required for the submission to the testing laboratory and Cryptographic Module Validation Program (CMVP), which is a joint effort under National Institute of Standards and Technology (NIST) and Communications Security Establishment Canada (CSEC).
Independently author technical reports and documentation required for the submission to the testing laboratory and Common Criteria scheme.
Consultation/Project Management/Leadership (Over 60%)
Perform security and compliance analysis, architecture design review, product testing and technical documentation for various Information Technology (IT) Security related products undergoing Common Criteria (CC) evaluation. Identify security flaws in hardware and software security modules and help client resolve those flaws from their products.
Interact with multiple clients and testing laboratories, and manage multiple ongoing projects and their deliverables throughout the certification or validation process.
Represent Corsec at workshops for performing FIPS & CC requirement analysis of the security products.
Provide follow-up consultative services, both on-site and in weekly conference calls, with clients to ensure accuracy of customer data and conformance to customer and testing lab deadlines with regards to documentation, algorithm testing, product listing, and certificate issuance.
Produce status reports for the customer and forward these weekly reports to executive management.
Independently address any customer issues; research and answer any security queries that the lab may have regarding the product or documentation.
Manage the validation process from start to finish; independently producing all documentation, and resolving any other questions or concerns that arise along the way.
Engage in on-site visits for technical and architectural discussions of the products under evaluation.
Train new hires (Associate Security Engineers, Security Engineers) on details of Common Criteria and FIPS 140-2 industry standards, cryptographic methods and information technology.
Share experiential knowledge
Corsec Security is located in Northern Virginia. We offer competitive salaries and a comprehensive benefits package. The benefits package includes vacation days, holidays, sick days, a 401k program with company matching, health and dental insurance, fully paid life insurance, fully paid long and short term disability insurance, optional supplemental insurance, and optional credit union membership. Corsec observes all federal holidays and also offers generous vacation, holiday, sick, and personal leave plans to help staff balance their personal and professional lives.
In addition, Corsec offers an energetic environment where an enthusiastic "can do" spirit permeates the office. Some of the intangible benefits of working for Corsec include:
--Comprehensive on-the-job training
--Optional credit union membership
--Small business environment (ability to influence & be heard with less red tape)
--Diverse & continuous learning opportunities
--The ability and opportunity to run your own project among a variety of assignments
--Casual dress code, "open door" policy, flex hours
--Being judged fairly on your work output
--A management team with strong ethics (above board, open communication)
--Fun company sponsored activities
--A pool table in the conference room!
Our employees come from diverse backgrounds and each one brings great culture into the office every day. The quality of our employees' work has a strong positive impact on this growing company. Corsec is always looking for new talent to further develop business and improve team efficiency.
For immediate consideration, please email your resume and cover letter.
THIS JOB HAS EXPIRED