Mid-level, FIPS 140 Security Engineer & CVP Certified Tester

Work model: REMOTE

Department: FIPS/Testing

Location: Columbia, MD

Role Type: Contract

No Clearance Required*
Not available on C2C contract basis*
Not able to provide sponsorship*

About Our Client
Our client offers an exciting opportunity to work in the rapidly expanding IT Security field, integral to supporting national defense initiatives. This organization plays a crucial role in ensuring national security by evaluating and validating IT security products that are deployed to facilitate secure communications for military and defense systems. You will join a team of industry experts and work with a wide range of Commercial Off-The-Shelf (COTS) products across various technology types in a hands-on lab environment. The company fosters a supportive culture with performance-based career development, flexible hours, work-life balance, and opportunities for continuous learning and professional growth.

Job Description
As a FIPS 140 Security Engineer, you will be a vital member of a dedicated team focused on performing in-depth security evaluations and validation projects. Your day-to-day work will involve a comprehensive range of activities, from general security analysis and product architecture review to hands-on vulnerability and physical security testing. You will apply your technical expertise to conduct system-level logical analysis, rigorous cryptographic algorithm testing, and detailed source code reviews, all while ensuring products meet stringent security standard requirements.
This role offers the opportunity to directly contribute to securing critical communication systems for national defense, providing an impactful career in a growing industry. You will collaborate closely within a team environment, sharing knowledge with experts, and your work will involve not only testing but also the development of applications and automation scripts to enhance testing capabilities, culminating in precise technical report writing. The ideal candidate is passionate about cybersecurity, cryptology, and ensuring the highest standards of product security.

Duties and Responsibilities

Work on varied FIPS 140 validation projects.
Perform general security analysis of products and systems.
Conduct design work related to product architecture.
Execute vulnerability testing on various technologies.
Conduct physical security testing of devices.
Perform system-level logical analysis.
Evaluate products against Technology Type standards (Protection Profiles).
Conduct cryptographic and Public Key Infrastructure (PKI) testing.
Perform cryptographic algorithm testing.
Engage in source code review activities.
Author and review technical reports documenting findings.
Automate testing processes through scripting.
Develop applications to support test cases.

Required Experience/Skills

Cryptographic Module Validation Program (CMVP) Certification.
Knowledge of cryptographic encryption algorithms, key exchange algorithms, hashing/message authentication algorithms, PKI, and random number generators.
Experience with various programming languages such as C, C++, Python, or Java, and their development environments.
Ability to comprehend security standard requirements and apply them effectively to products.
Experience setting up networks and familiarity with subnetting and routing concepts.
Knowledge of common security-related protocols and their design (e.g., SSH, IPsec, TLS).
Experience building testing environments, performing testing, and reporting results (technical writing).
Strong troubleshooting and problem-solving skills.
Strong multitasking and time management abilities.
Typically requires a Bachelor of Science (BS) degree with 2 to 4 years of prior relevant experience.

Nice-to-Haves

Experience with Python programming language.
Experience with debugging tools (e.g., Android debug bridge (adb), WinDBG, Visual Studio).
Experience with statistical analysis of entropy sources.
Knowledge of OpenSSL and/or OpenPGP.
Vulnerability Analysis and/or penetration testing experience/expertise.
Strong knowledge of computer security principles and best practices.
Strong English (both oral and written) skills.
Related certifications (e.g., CCNA/CCNP/CCIE, JNCIA/JNCIS/JNCIP/JNCIE).
Knowledge of Active Directory and Linux.
Hands-on experience using tools such as an oscilloscope, function generator, multi-meter, or signal generator.
Knowledge of X.509 certificate validation.

Education

Typically requires a Bachelor of Science (BS) degree.

Pay & Benefits Summary

Performance-based career development with well-defined roles and actionable qualifications.
Flexible hours within the constructs of the workday.
Opportunity to attend industry-related conferences and seminars.
Emphasis on maintaining work-life balance.
Opportunity to work with and learn from industry experts in an open environment.
Great team camaraderie.
Tuition reimbursement within appropriate disciplines.

Mid-level, FIPS 140 Security Engineer & CVP Certified Tester

Similar Jobs