About this role
Job Specification: ------------------- • The selected candidate will work on varied computer security Common Criteria Evaluation and FIPS 140-2 validation projects • Conduct CC Evaluation activities. • Maintains an ongoing dialogue with the line manager /Evaluator CC lab about the status and conduct of netwrok security assessments • Responsible for manage and technical activities of Screening and Evaluation Lab. • Keep track of progress of Network screening and evaluation activities in the lab. • Ensure that thorough, precise and comprehensive screening and evaluation reports are being prepared. • Ensure that procedures for creating, storing, configuration management (CM), accessing, archiving and disposing of screening and evaluation activities records are being followed by teams. • Examine Network devices against the Common Criteria standard in order to determine and document compliance gaps. • Analyze network and Security protocols and their documentation to produce technical documentation that is required for the certification process. • Configure VPN’s to meet certification-specific deployment guidance. • Author evaluation documentation for submission to testing labs and certifying authorities. • Produce testing reports by conducting functional testing of the network devices. • Communicate effectively with product vendors and testing facility personnel to address compliance gaps, testing queries, and documentation comments. • Observe and ensure that the highest standards of confidentiality for the information provided for screening and evaluation are being followed. • Executes certification effort schedules and test methods in accordance with Pakistan CC Scheme and CC. • Understands and complies with test methods and procedures • Reports details of all nonconforming work and supplies that prohibit the accurate conduct of security assessments (observation reports) • Network Vulnerability Analysis and/or penetration testing Qualification: --------------- • MS/BS in a relevant discipline of Computer Science or Computer Engineering or Electrical Engineering such as Cyber Security, Information Security, Network Security, Information Technology, Information Assurance, etc. with minimum of 5 years’ experience of working in the versatile areas of network security evaluations at any relevant department, organization or agency. • Knowledgeable of all relevant standards and publications pertaining to the specific tests (e.g. FIPS140-x, Common Criteria, NSS, NIST Publications, ISO27k, CIS-CAT benchmarking etc.) found on the lab’s scope. • Professional Certifications in Cyber Security and Information Security such as Common Criteria Certified Evaluator,CCNA/CCNP/CCIE/JNCIA/JNCIS/JNCIP/JNCIE ISO/IEC 27001 LA/LI, ISO/IEC 17025 LA would be preferred. Location of Job: ------------------ - Islamabad Other Details: --------------- • Working experience/ practical knowledge in fields of Cyber Security, Information Security, Network Security,IPSec, SSLVPN testing • Hands on experience in network security evaluations tools i.e. IXIA, BeStorm, Wireshark, NMAP, Accunetix, NESSUS & network Analysis Tools etc. • Experience with Scripting languages (C, C++, C#,Perl, Python) • Ability to comprehend security standard & Industry requirements and apply them to products. • Vulnerability Analysis and/or penetration testing experience/expertise • Knowledge of OpenSSL and/or OpenPGP. • Knowledge of common security related protocols and their design (i.e. SSH,SRTP, L2TP, TCP/IP, 802.XX IPsec, TLS, etc.). • Vulnerability Analysis and/or penetration testing experience/expertise. • Experience in all phases of testing lifecycle, including requirement analysis, creating test plans and test cases, execution , defect tracking and reporting • Good experience in scripting using TCL and Python • Experience with traffic generator and simulation like IXIA, Trex, QTP, QC and exposure to Fanfare
