Job Summary
Join NetApp's innovative Security development organization as a Security Compliance and Validation Engineer, where you'll be at the forefront of certifying and validating cryptographic modules for ONTAP, NetApp's flagship operating system. Engage in assessing the compliance of cryptographic modules against the Federal Information Processing Standard (FIPS) 140-3, evaluating devices against the Common Criteria Security Evaluation and participating in the Department of Defense Information Network Approved Products List (DoDIN APL) validation process. This role encompasses a broad scope, including Entropy Source Validation (ESV), Cryptographic Algorithm Validation Program (CAVP), FIPS validations, and Common Criteria validations. This role involves working closely with various teams to track, validate, and maintain security certifications and compliance for our products.
This is a mid-level technical position that requires an individual to be broad-thinking, systems-focused, creative, team-oriented, technologically savvy, able to work in a small and large cross-functional teams, willing to learn and driven to produce results.
Job Requirements
Ensure ONTAP products comply with FIPS 140-3 and Common Criteria
Track and validate security certifications, including OpenSSL and other cryptographic modules
Collaborate with the Product Security Group (PSG) to ensure all certifications are up-to-date and properly documented
Develop and execute validation plans for security compliance
Maintain detailed documentation of security compliance processes and validation results
Report any discrepancies or issues found during validation to the relevant teams
Perform reviews for various specifications, including test plans, test evidence, security policies, and validation reports
Configure software/hardware test setup for conducting the validation activities
Create and update documentation required for certifications submissions and audits
Education
Requires greater than 3-5 years of technical experience in FIPS 140-2 or FIPS 140-3 validation of cryptographic modules and Common Criteria evaluation
Experience collaborating with FIPS validation labs for testing cryptographic modules
Familiar with FIPS 140-3, CAVP/ESV/CMVP programs, cPP and CC standards, and the various validation processes
Ability to create or use automation tools and frameworks for security validation
Strong understanding of cryptography and security protocols (TLS, IPsec)
Good knowledge of cross-compilation and package creation of open-source utilities on Linux as required for above certifications
Excellent coding skills in Python, C required
Willing to work on additional tasks and responsibilities that will contribute towards team, department and company goals
Proficiency in conducting source code reviews and operational tests of cryptographic modules
Strong interpersonal skills to develop relationships with labs as a technical point-of-contact
Compensation:
The target salary range for this position is 138,780 - 195,030 USD. The salary offered will be determined by the candidate's location, qualifications, experience, and education and may be outside of this range. Final compensation packages are competitive and in line with industry standards, reflecting a variety of factors, and include a comprehensive benefits package. This may cover Health Insurance, Life Insurance, Retirement or Pension Plans, Paid Time Off (PTO), various Leave options, Performance-Based Incentives, employee stock purchase plan, and/or restricted stocks (RSU's), with all offerings subject to regional variations and governed by local laws, regulations, and company policies. Benefits may vary by country and region, and further details will be provided as part of the recruitment process.