FIPS 140 Security Engineer
Robert Half · Columbia, MD · Yesterday
On-siteInformation TechnologyTemporary
Key Responsibilities
- Support FIPS 140 validation and security evaluation projects for cryptographic products and systems.
- Perform security architecture reviews, product design analysis, and system-level security assessments.
- Conduct cryptographic and Public Key Infrastructure (PKI) testing.
- Analyze entropy sources in accordance with NIST SP 800-90B requirements and evaluate SP 800-90C random bit generator constructions.
- Create and review Entropy Assessment Reports (EAR) and Public Use Documents (PUD).
- Prepare and submit Entropy Source Validation (ESV) packages through the NIST ESVTS platform.
- Conduct vulnerability assessments, logical security analysis, and physical security testing.
- Review source code and develop scripts or tools to automate testing activities.
- Build testing environments, execute test plans, document findings, and produce technical reports.
- Evaluate products against applicable security standards and technology-type requirements.
Core Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, Computer Engineering, Information Systems, or a related field.
- 2+ years of relevant cybersecurity, cryptographic testing, security engineering, or validation experience.
- Knowledge of cryptographic encryption algorithms, key exchange protocols, hashing algorithms, message authentication techniques, PKI, and random number generators.
- Strong understanding of NIST SP 800-90A, SP 800-90B, and SP 800-90C standards.
- Experience performing entropy source analysis and validation activities.
- Experience with one or more programming languages including Python, C, C++, or Java.
- Experience developing scripts or automation tools to support testing activities.
- Familiarity with SSH, TLS, IPsec, and other security-related protocols.
- Experience building test environments, executing security testing, and documenting results.
- Knowledge of networking fundamentals, including subnetting and routing concepts.
- Strong troubleshooting, analytical, and problem-solving abilities.
- Ability to interpret security standards and apply requirements to products and systems.
- Strong written communication skills and technical documentation experience.