Job Order: J0814-1767 - Permanent Full Time
Title: Senior IT Security Specialist
Category: Consulting / Business / Functional
City: Manassas, Virginia, United States
Job Description: Senior IT Security Specialist
Due to recent growth, CGI is seeking a Senior IT Security Specialist (Senior Security Test Engineer) to work in the field of FIPS 140 conformance testing and to lead overall evaluation initiatives. We require an experienced Program Manager with prior certification program successes, namely in the areas of third-party certifications such as Common Criteria and Federal Information Processing Standard (FIPS). This is a dynamic and collaborative work environment where candidates are challenged to learn leading edge technologies and verify that the products evaluated conform to security requirements described in the FIPS 140-2 Standard.
The Senior IT Security Specialist (Senior Security Test Engineer) serves as the Lead FIPS Evaluator responsible for program management, review and assessment of products against the FIPS 140-2 Derived Testing Requirements (DTRs). A typical FIPS 140-2 assessment includes the review of a product's architecture, security policy, and other design documentation such as source code, implementation test plan, configuration management and development life-cycle documentation. Functional and algorithm testing will also be performed to ensure the project functions as specified in documentation. Upon completion, a written verdict for the evaluation will be produced and submitted to the CMVP.
Assessments will involve a wide variety of software and hardware technologies. As such, an ideal candidate will have a strong background and knowledge of security products that implement cryptography such as routers/gateways, Proxies, VPN, firewalls, wireless radios/access points, mobile devices, HSMs, USB drives, smart cards, embedded PCI cards and others. Knowledge of operating systems and software products such as SSL libraries, cryptographic toolkits, PKI software, disk encryption software and virtualization software would also be an asset.
An ideal candidate will also possess an ability to interface with customers providing them with technical guidance and support during the evaluation of an IT security product. The Lead Evaluator provides oversight for the practice and all product evaluations as it relates to each validation standard. They provide a roadmap of each milestone required for securing the validation, and a firm fixed price quote that covers the service engagement as a turn-key service, through product certification.
Technical Requirements:
- Must have minimum of 5 years of experience performing product, system or compliance testing, experience in security product hardware/software design or evaluation; or must possess a minimum of 10 years experience working in IT security;
- Must possess a strong knowledge of technologies and protocols such as: TCP/IP, IPSEC, TLS, IDS/IPS, S-FTP, SNMPv3, HTTPS, SSH, Wireless LANs (802.11) and Bluetooth;
- Knowledge of the programming languages C, C++, Java, Assembler, or Verilog;
- Knowledge of Operating Systems such as Windows, Linux, Solaris, QNX®, BlackBerry® OS 6/7, Android and Windows Mobile;
- Knowledge of symmetric, asymmetric, digital signature and key agreement cryptographic algorithms;
- Knowledge of FIPS 140-2, FIPS 201 Standards, SCAP, Common Criteria, ISO 17025, and other related standards;
- Familiarity with NIST Special Publications 800-131 A, 800-57, 800-23 or other related NIST SPs;
- Non-manufacturer, professional designations and certifications (e.g. CISSP, CISA, SANS) are an asset; and
- Successful completion of a post-secondary program, preferably in a field related to IT security, computer science or engineering.
Non-Technical Requirements:
- Manage and facilitate multiple medium to large scale projects including scoping the requirements, developing detailed project plans, program goals, deliverables and related risks
- Define Program tasks and resource requirements, including program budgets and review
- Develop full scale certification program plans to enable successful and timely Federal certifications
- Translate general customer requirements into concrete strategic and tactical plans, ensuring clarity and understanding by all stakeholders
- Manage program plans to ensure timely delivery of milestones, including presentation of regular reports defining progress against major milestones, elevation and mitigation to risks as they arise and escalations to management when roadblocks occur and need intervention
- Work effectively and communicate with internal and external clients, third party vendors (Inc. managing vendor relationships), and senior management to ensure a thorough understanding of the assigned project status
- Ability to use technical and functional expertise to advise, coach non specialists on complex issues clarifying assignments and deliverables
- High degree of flexibility and willingness to do what is required to help ensure business success
- Monitor, resolve and / or escalate issues affecting the projects with an ability to think on your feet- making well-reasoned recommendations even with incomplete data
- Excellent written and verbal communication skills, including ability to present to large audiences and executives
- Strong Leadership skills with an ability to effectively manage, motivate and drive a cross-functional team
- Personal Maturity understands own strengths and weaknesses, has professional standards with regard to attendance, personal accountability, and integrity
- Ability to work collaboratively to build and maintain excellent relationships with Engineering, the Federal Sales Team and external consulting and certifying agencies
- Minimum 10 of years experience in a customer-facing technical role;
- ust have demonstrated experience managing multiple projects with stringent deadlines;
- Experience dealing with cross-cultural and/or foreign customers is an asset;
- Excellent communication skills, ability to articulate requirements in technical and non-technical terms to customers, peers, and management;
- Excellent writing skills - must be able to prepare consistent and quality reports; and
- A proven ability to work independently.
Other Requirements:
- MS/BS in CS/IS preferred, or equivalent experience.
- Prior experience with delivering successful industry recognized certification programs such as, but not limited to, FIPS and Common Criteria Programs.
- PMP Certification highly desirable.
- Must be willing to travel internationally - Experience working in a multi-disciplinary team.
- Valid passport as occasional domestic and international travel will be required.
All candidates must be eligible for security clearance to the level of secret.*LI-BW1 At CGI, we're a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 68,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve results for our clients - and for our members. Come grow with us. Learn more at www.cgi.com.
This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans.
We wish to thank all applicants for their interest and effort in applying for this position, however, only candidates selected for interviews will be contacted.
No unsolicited agency referrals please.
Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, protected veteran status or disability.
Skills
- Firewalls
- Info Systems Security Officer
Reference: 342959
Title: Senior IT Security Specialist
Category: Consulting / Business / Functional
City: Manassas, Virginia, United States
Job Description: Senior IT Security Specialist
Due to recent growth, CGI is seeking a Senior IT Security Specialist (Senior Security Test Engineer) to work in the field of FIPS 140 conformance testing and to lead overall evaluation initiatives. We require an experienced Program Manager with prior certification program successes, namely in the areas of third-party certifications such as Common Criteria and Federal Information Processing Standard (FIPS). This is a dynamic and collaborative work environment where candidates are challenged to learn leading edge technologies and verify that the products evaluated conform to security requirements described in the FIPS 140-2 Standard.
The Senior IT Security Specialist (Senior Security Test Engineer) serves as the Lead FIPS Evaluator responsible for program management, review and assessment of products against the FIPS 140-2 Derived Testing Requirements (DTRs). A typical FIPS 140-2 assessment includes the review of a product's architecture, security policy, and other design documentation such as source code, implementation test plan, configuration management and development life-cycle documentation. Functional and algorithm testing will also be performed to ensure the project functions as specified in documentation. Upon completion, a written verdict for the evaluation will be produced and submitted to the CMVP.
Assessments will involve a wide variety of software and hardware technologies. As such, an ideal candidate will have a strong background and knowledge of security products that implement cryptography such as routers/gateways, Proxies, VPN, firewalls, wireless radios/access points, mobile devices, HSMs, USB drives, smart cards, embedded PCI cards and others. Knowledge of operating systems and software products such as SSL libraries, cryptographic toolkits, PKI software, disk encryption software and virtualization software would also be an asset.
An ideal candidate will also possess an ability to interface with customers providing them with technical guidance and support during the evaluation of an IT security product. The Lead Evaluator provides oversight for the practice and all product evaluations as it relates to each validation standard. They provide a roadmap of each milestone required for securing the validation, and a firm fixed price quote that covers the service engagement as a turn-key service, through product certification.
Technical Requirements:
- Must have minimum of 5 years of experience performing product, system or compliance testing, experience in security product hardware/software design or evaluation; or must possess a minimum of 10 years experience working in IT security;
- Must possess a strong knowledge of technologies and protocols such as: TCP/IP, IPSEC, TLS, IDS/IPS, S-FTP, SNMPv3, HTTPS, SSH, Wireless LANs (802.11) and Bluetooth;
- Knowledge of the programming languages C, C++, Java, Assembler, or Verilog;
- Knowledge of Operating Systems such as Windows, Linux, Solaris, QNX®, BlackBerry® OS 6/7, Android and Windows Mobile;
- Knowledge of symmetric, asymmetric, digital signature and key agreement cryptographic algorithms;
- Knowledge of FIPS 140-2, FIPS 201 Standards, SCAP, Common Criteria, ISO 17025, and other related standards;
- Familiarity with NIST Special Publications 800-131 A, 800-57, 800-23 or other related NIST SPs;
- Non-manufacturer, professional designations and certifications (e.g. CISSP, CISA, SANS) are an asset; and
- Successful completion of a post-secondary program, preferably in a field related to IT security, computer science or engineering.
Non-Technical Requirements:
- Manage and facilitate multiple medium to large scale projects including scoping the requirements, developing detailed project plans, program goals, deliverables and related risks
- Define Program tasks and resource requirements, including program budgets and review
- Develop full scale certification program plans to enable successful and timely Federal certifications
- Translate general customer requirements into concrete strategic and tactical plans, ensuring clarity and understanding by all stakeholders
- Manage program plans to ensure timely delivery of milestones, including presentation of regular reports defining progress against major milestones, elevation and mitigation to risks as they arise and escalations to management when roadblocks occur and need intervention
- Work effectively and communicate with internal and external clients, third party vendors (Inc. managing vendor relationships), and senior management to ensure a thorough understanding of the assigned project status
- Ability to use technical and functional expertise to advise, coach non specialists on complex issues clarifying assignments and deliverables
- High degree of flexibility and willingness to do what is required to help ensure business success
- Monitor, resolve and / or escalate issues affecting the projects with an ability to think on your feet- making well-reasoned recommendations even with incomplete data
- Excellent written and verbal communication skills, including ability to present to large audiences and executives
- Strong Leadership skills with an ability to effectively manage, motivate and drive a cross-functional team
- Personal Maturity understands own strengths and weaknesses, has professional standards with regard to attendance, personal accountability, and integrity
- Ability to work collaboratively to build and maintain excellent relationships with Engineering, the Federal Sales Team and external consulting and certifying agencies
- Minimum 10 of years experience in a customer-facing technical role;
- ust have demonstrated experience managing multiple projects with stringent deadlines;
- Experience dealing with cross-cultural and/or foreign customers is an asset;
- Excellent communication skills, ability to articulate requirements in technical and non-technical terms to customers, peers, and management;
- Excellent writing skills - must be able to prepare consistent and quality reports; and
- A proven ability to work independently.
Other Requirements:
- MS/BS in CS/IS preferred, or equivalent experience.
- Prior experience with delivering successful industry recognized certification programs such as, but not limited to, FIPS and Common Criteria Programs.
- PMP Certification highly desirable.
- Must be willing to travel internationally - Experience working in a multi-disciplinary team.
- Valid passport as occasional domestic and international travel will be required.
All candidates must be eligible for security clearance to the level of secret.*LI-BW1 At CGI, we're a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 68,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve results for our clients - and for our members. Come grow with us. Learn more at www.cgi.com.
This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans.
We wish to thank all applicants for their interest and effort in applying for this position, however, only candidates selected for interviews will be contacted.
No unsolicited agency referrals please.
Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, protected veteran status or disability.
Skills
- Firewalls
- Info Systems Security Officer
Reference: 342959
