Job Description
- Develop Security Targets for mobile device products and oversee Common Criteria & FIPS 140-3 certification processes.
- Conduct initial security assessments, analyzing security functions, specifications, and compliance gaps.
- Collaborate with engineering teams to align product design and documentation with NIAP Protection Profiles (MDFPP, VPN, WLAN, Biometric Enrollment/Verification).
- Perform CAVP algorithm testing and develop security policies for cryptographic modules.
- Conduct vulnerability assessments using tools such as Nessus, Nmap, and Wireshark.
- Assist in drafting and reviewing test reports, certification documentation, and mitigation strategies.
- Act as the primary point of contact for internal and external stakeholders regarding evaluation processes.
Qualifications
- 5+ years in Common Criteria evaluations under NIAP-managed CCEVS (US Scheme).
- Strong understanding of FIPS 140-3 requirements, cryptographic encryption algorithms, key exchange protocols, and security-related protocols (SSH, IPsec, TLS, etc.).
- Proficiency in FIPS
- Experience with security standards (DCID, DoD, NIST SP).
- Bachelor’s degree in Electrical Engineering, Computer Science, Cybersecurity, or a related field (Master’s preferred).
- Hands-on experience building and testing security evaluation environments.