Security Evaluator
SGS North America Inc.

Company Description

SGS is the global leader and innovator in inspection, verification, testing and certification services. Founded in 1878, SGS is recognized as the global benchmark in quality and integrity. With over 97,000 employees in 130 countries and operating a network of more than 2,400 offices and laboratories, we provide services to almost every industry by assuring quality and safety of products and services.

Trusted all over the world, SGS is a market leader because we put 100% passion, pride and innovation into everything we do. We encourage new ideas. We welcome people who challenge the way we do things. And we will be 100% committed to helping you reach your full potential.

Job Description

An Information Security Evaluator (ISE) performs conformance testing services to various security standards, such as Postal and FIPS 140-3. Conformance testing involves the assessment of cryptographic security modules and/or postage evidencing systems (PES) to pertinent requirements driven by published standards. The position requires an intimate understanding of various security standards. The ISE is required to conduct a detailed documentation review (includes analysis of schematics, assembly diagrams, component datasheets, printed wiring assemblies, finite state models, functional specifications, security policies, cryptographic key management specifications, etc.), source code review, module operational and functional testing, physical security testing, vulnerability analysis, of a cryptographic module. In addition, they will be required to generate detailed test plans and reports.

• The ISE will be responsible for the evaluation and conformance testing to various security standards (e.g., FIPS 140-3) upon various information security related products (e.g., cryptographic modules).
• The ISE will continue to educate and stay up to date with changes and updates to each standard.
• Learn all applicable Penumbra policies, procedures, and guidance. Proficient in writing technical assessments and analysis of hardware and software designs, design concepts and supporting documentation for conformance to respective standards or best practices.
• Interact with the customer to plan and execute testing. Plan and manage project schedules.
• Provide project status to the customer and internal management. Assist with training workshops on product design for compliance with security requirements.
• Present applicable standards overview and educational materials to customers.
• Provide internal engineer training within areas of his/her proficiency.

Qualifications

• BS in computer science, mathematics, physics, computer or electrical engineering, management information systems (MIS), or other related discipline
• Strong IT background in PC, MAC, and networking, e.g., CCNA, CCNP, CCIE
• Knowledge of Operating Systems, Applications, Networking Appliances, and Peripheral Component technologies
• Application programming competency in either C, C++, Java, or other languages
• Penetration Testing experience, desirable
• Security Certifications such as CISSP, CISA, GPEN or similar
• Technical writing proficiency

Salary information starting at $70,000 to be based on experience.

---