Security Evaluator

Company Description

Company Description

SGS is the global leader and innovator in inspection, verification, testing and certification services. Founded in 1878, SGS is recognized as the global benchmark in quality and integrity. With over 97,000 employees in 130 countries and operating a network of more than 2,400 offices and laboratories, we provide services to almost every industry by assuring quality and safety of products and services.

Trusted all over the world, SGS is a market leader because we put 100% passion, pride and innovation into everything we do. We encourage new ideas. We welcome people who challenge the way we do things. And we will be 100% committed to helping you reach your full potential.

Job Description

POSITION SUMMARY

The Security Evaluator performs conformance testing services to various security standards, such as Postal and FIPS 140-2. Conformance testing involves assessing designs and implementations for compliance to established requirements. It also involves documentation, software, hardware, physical security, logical security, functional and operational testing, and evaluation, as well as test planning and reporting. Other tasks may include creating new testing procedures, testing tools, and report templates.

JOB FUNCTIONS

• Provide expert security and technical services to Penumbra's customers. This includes conformance testing services, as well as other testing services such as penetration testing, application vulnerability assessments, physical security, SPA/DPA, and network security audits.

• Responsible for planning tests, as approved by the Technical Manager.

• Responsible for modifying test methods and developing and validating new methods, as approved by the Technical Manager.

• Responsible for reporting test results (including opinions and interpretations), as approved by the Technical Manager.

• Specializes in the following product classes: FIPS 140-2 Conformance Testing, Postage Evidencing Systems (PES) Evaluations, Infrastructure Audits (ISO/IEC 27002, BSI IT), Cryptographic Algorithm Testing, Penetration Testing, IT Network and System Assessments

• Networking Equipment and Computer Systems

Qualifications

EDUCATION AND EXPERIENCE

• BS in computer science, mathematics, computer or electrical engineering, management information systems (MIS), or other related discipline
• 3-5 years of experience, training, knowledge, or familiarity in 17CAV, 17CMH, and 17CMS
• 3-5 years of experience, training, knowledge, or familiarity in 17 CMH1 Security Levels 1 to 3 to include production grade, tamperevident, and tamper detection techniques, hardware implementations and technologies associated with single-chip and multi-chip embodiments, epoxies, potting materials, adhesives (e.g. tamper-evident labels), and their chemical properties, electrical design, schematics, and concepts, including logic design and HDL representations, skills associated with tamper mitigation methods and performing test methods of compromising tamper protection mechanisms
• 3-5 years of experience, training, knowledge, or familiarity in 17CMH2 Security Level 4 to include voltage and temperature measurement (Environmental Failure Protection/Environmental Failure Testing (EFP/EFT)), tamper detection/response envelopes, formal modeling methods
• 3-5 years of experience, training, knowledge, or familiarity in 17 CMS1 Security Levels 1 to 3 to include evaluating operating systems under the Common Criteria EAL2 through EAL3 or equivalents
• 3-5 years of experience, training, knowledge, or familiarity in 17CMS2 Security Level 4 to include formal modeling methods and evaluating operating systems under the Common Criteria EAL4 or equivalent

LICENSES / CERTIFICATIONS

• Certification to perform FIPS 140-2 testing

• Security Certifications such as CISSP or equivalent, preferred

KNOWLEDGE / SKILLS / ABILITIES

• Strong IT background in PC, MAC, and networking, e.g. CCNA, CCNP, CCIE

• Knowledge of Operating Systems, Applications, Networking Appliances, and Peripheral Component technologies

• Application programming competency in either C, C++, Java, or other languages

• Penetration Testing experience, desirable

• Knowledge and experience with cryptography, preferred Technical writing proficiency

• Experience with the application of security standards and practice

• Other: CISSP, CISA, GPEN

Additional Information

Additional information

SGS is an Equal Opportunity Employer, and as such we recruit, hire, train, and promote persons in all job classifications without regard to race, color, religion, sex, national origin, disability, age, marital status, sexual orientation, gender identity or expression, genetics, status as a protected veteran, or any other characteristics protected by law.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed above are representative of the knowledge, skills, and/or abilities required.

This job description should not be construed as an exhaustive statement of duties, responsibilities or requirements, but a general description of the job. Nothing contained herein restricts the company's rights to assign or reassign duties and responsibilities to this job at any time.

If you are applying for a position within the United States and you have difficulty completing the on-line employment application because of a disability, please call 201-508-3149 for assistance and leave a message. You will receive a callback. Please note, this phone number is not for general employment information but is only for individuals who are experiencing difficulty applying for a position due to a disability.