FIPS Security Engineer - Remote Eligible

FIPS Security Engineer

A FIPS Security Engineer is a technical position within Leidos' Cryptographic and Security Testing Lab (CSTL) which is part of the Leidos' Accredited Testing & Evaluation (AT&E) Lab providing validation consultancy support to CST customers.

A FIPS Security Engineer shall meet the following requirements:

• Minimum Bachelor of Science in Computer Science, Computer Engineering, or related technical discipline, or equivalent experience.
• At least 2 years working at a CST validation laboratory or demonstrate proficient knowledge in the subject area.
• CVP certification is not required for this role, however, it is highly recommended and should be pursued to enhance skills and career development within the field.
• Possess sound knowledge of IT security concepts and familiarity with the CST technical procedures and the validation methodologies employed by the CST.

Responsibilities include:

• Is accountable for competently conducting product security assessments under the direction of the lead tester.
• Maintains an ongoing dialogue with the lead tester about the status and conduct of security assessments.
• Analyzes and clarifies customer requirements.
• Understands and complies with test methods and procedures.
• Reports details of all nonconforming work and supplies that prohibit the accurate conduct of security assessments (observation reports).
• Meets the IAT Level I position requirements as defined in DoD 8570.01-M, to include at least one of the following certifications: GISF, GSLC, Security +, or equivalent industry experience.
• Possesses two years of direct experience with IT products and networking and one year of direct or support experience with IT product security assessments.
• Strong FIPS knowledge.
• Mentor junior testers, as needed.
• Coordinate all tasks with the project lead tester or lab manager.
• Provide weekly informal status for all tasks to the project lead tester.
• Lead client facing activities.
• Independently perform the following:
• Algorithm generation and verification testing activities using CAVS and the ACVTS.
• Design reviews.
• Compliance analysis.
• Source code reviews.
• Failure testing.
• Operational testing.
• Testing activities.
• Complete CRYPTIK sections with 70 percent proficiency.
• Independently perform physical testing.
• Complete Physical Testing Reports with 70 percent proficiency.
• Draft DRF and onsite test plans.

At Leidos, we don't want someone who "fits the mold"—we want someone who melts it down and builds something better. This is a role for the restless, the over-caffeinated, the ones who ask, "what's next?" before the dust settles on "what's now."

If you're already scheming step 20 while everyone else is still debating step 2… good. You'll fit right in.