Common Criteria Tester

Description Job Description:The Leidos Common Criteria Tester in support of Common Criteria (CC) certifications performs initial assessment of security functions; consults in development of process, design, and test documentation; and conducts the evaluation of security products based on available documentation. The Evaluator will devise and execute Common Criteria testing of commercial products to include its configuration, its operation and affirmation of its ability to meet common criteria required secure IT functionality.What You Will Get to Do:

• The selected candidate will work on varied computer security Common Criteria Evaluation and FIPS 140-2 validation projects
• General security analysis
• Design work (product architecture)
• Vulnerability testing
• Physical security testing
• System-level logical analysis
• Product evaluations against Technology Type standards (Protection Profiles)
• Cryptographic and Public Key Infrastructure (PKI) testing
• Cryptographic algorithm testing
• Source code review activities
• Technical report writing and review
• Testing automation through scripting
• Develop applications to support test cases

• Knowledge of cryptographic encryption algorithms, key exchange algorithms, hashing/message authentication algorithms, PKI, random number generators, etc.
• Experience with various programming languages (C, C, Python or Java) and development environments.
• Ability to comprehend security standard requirements and apply them to products.
• Experience setting up networks and familiarity with subnetting and routing concepts.
• Knowledge of common security related protocols and their design (i.e. SSH, IPsec, TLS, etc.).
• Experience building testing environments, performing testing and reporting results (technical writing).
• Strong troubleshooting and problem solving skills.
• Strong multitasking and time management.

• Experience with Python programming language
• Experience with debugging (Android debug bridge (adb), WinDBG, Visual Studio, etc.).
• Experience with statistical analysis of entropy sources.
• Knowledge of OpenSSL and/or OpenPGP.
• Vulnerability Analysis and/or penetration testing experience/expertise.
• Strong knowledge of computer security principles and best practices.
• Strong English (both oral and written) skills.
• Related certifications (CCNA/CCNP/CCIE, JNCIA/JNCIS/JNCIP/JNCIE).
• Knowledge of Active Directory and Linux.
• Hands on experience using tools such as an oscilloscope, function generator, multi-meter, signal generator, etc.
• Knowledge of X.509 certificate validation.