Security Compliance and Validation Engineer (FIPS) at NetApp

Posted in Information Technology about 21 hours ago.

Type: Full Time
Location: Research Triangle Park, North Carolina





Job Description:

Job Summary

Join NetApp's innovative Security development organization as a Security Compliance and Validation Engineer, where you'll be at the forefront of certifying and validating cryptographic modules for ONTAP, NetApp's flagship operating system. Engage in assessing the compliance of cryptographic modules against the Federal Information Processing Standard (FIPS) 140-3, evaluating devices against the Common Criteria Security Evaluation and participating in the Department of Defense Information Network Approved Products List (DoDIN APL) validation process. This role encompasses a broad scope, including Entropy Source Validation (ESV), Cryptographic Algorithm Validation Program (CAVP), FIPS validations, and Common Criteria validations. This role involves working closely with various teams to track, validate, and maintain security certifications and compliance for our products.

This is a mid-level technical position that requires an individual to be broad-thinking, systems-focused, creative, team-oriented, technologically savvy, able to work in a small and large cross-functional teams, willing to learn and driven to produce results.

Job Requirements


  • Ensure ONTAP products comply with FIPS 140-3 and Common Criteria

  • Track and validate security certifications, including OpenSSL and other cryptographic modules

  • Collaborate with the Product Security Group (PSG) to ensure all certifications are up-to-date and properly documented

  • Develop and execute validation plans for security compliance

  • Maintain detailed documentation of security compliance processes and validation results

  • Report any discrepancies or issues found during validation to the relevant teams

  • Perform reviews for various specifications, including test plans, test evidence, security policies, and validation reports

  • Configure software/hardware test setup for conducting the validation activities

  • Create and update documentation required for certifications submissions and audits

Education


  • Requires greater than 3-5 years of technical experience in FIPS 140-2 or FIPS 140-3 validation of cryptographic modules and Common Criteria evaluation

  • Experience collaborating with FIPS validation labs for testing cryptographic modules

  • Familiar with FIPS 140-3, CAVP/ESV/CMVP programs, cPP and CC standards, and the various validation processes

  • Ability to create or use automation tools and frameworks for security validation

  • Strong understanding of cryptography and security protocols (TLS, IPsec)

  • Good knowledge of cross-compilation and package creation of open-source utilities on Linux as required for above certifications

  • Excellent coding skills in Python, C required

  • Willing to work on additional tasks and responsibilities that will contribute towards team, department and company goals

  • Proficiency in conducting source code reviews and operational tests of cryptographic modules

  • Strong interpersonal skills to develop relationships with labs as a technical point-of-contact

Compensation:
The target salary range for this position is 138,780 - 195,030 USD. The salary offered will be determined by the candidate's location, qualifications, experience, and education and may be outside of this range. Final compensation packages are competitive and in line with industry standards, reflecting a variety of factors, and include a comprehensive benefits package. This may cover Health Insurance, Life Insurance, Retirement or Pension Plans, Paid Time Off (PTO), various Leave options, Performance-Based Incentives, employee stock purchase plan, and/or restricted stocks (RSU's), with all offerings subject to regional variations and governed by local laws, regulations, and company policies. Benefits may vary by country and region, and further details will be provided as part of the recruitment process.

Equal Opportunity Employer:

NetApp is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination based on age, race, color, gender, sexual orientation, gender identity, national origin, religion, disability or genetic information, pregnancy, protected veteran status, and any other protected classification.

Did you know...

Statistics show women apply to jobs only when they're 100% qualified. But no one is 100% qualified. We encourage you to shift the trend and apply anyway! We look forward to hearing from you.

Why NetApp?

We are all about helping customers turn challenges into business opportunity. It starts with bringing new thinking to age-old problems, like how to use data most effectively to run better - but also to innovate. We tailor our approach to the customer's unique needs with a combination of fresh thinking and proven approaches.

We enable a healthy work-life balance. Our volunteer time off program is best in class, offering employees 40 hours of paid time per year to volunteer with their favorite organizations. We provide comprehensive medical, dental, wellness, and vision plans for you and your family. We offer educational assistance, legal services, and access to discounts. Finally, we provide financial savings programs to help you plan for your future.

If you want to help us build knowledge and solve big problems, let's talk.

PDN-9d9a17bb-dca0-4141-9b39-bf27f2fb87c8
More jobs in Research Triangle Park, North Carolina


NetApp

NetApp
More jobs in Information Technology


AT&T

AT&T

NetApp