• Senior Common Criteria Specialist

    Location NL-Leiden | FR-La Ciotat | GB-Basingstoke
    Job ID
    2019-12869
    # of Openings
    1
    Job Category
    Information Technology
  • Overview

    For the global Common Criteria team, UL’s Identity Management and Security (IMS) division is looking for  Senior Common Criteria Specialists in The Netherlands, The United Kingdom and France. UL’s team of Common Criteria specialists work closely together performing high assurance evaluations. We have a strong focus on Smart Cards and Secure Elements, payment terminals, HSM, tachograph vehicle units.

     

    The successful candidate for this position is expected to take responsibility for performing Common Criteria security evaluation tasks on our customers’ products –  from Security Target, design documents and code review through to vulnerability analysis, test planning and interpretation of results. The evaluation tasks are mainly carried out on embedded products, particularly payment devices, such as smart cards, POS terminals and mobile payment devices. A formal report has to be prepared for the customer and the certification authority, and the Common Criteria analyst is normally the technical coordinator for the entire project.

     

    Security Analysts are expected to maintain a high level of expertise regarding known threats and to follow technical developments in the embedded security arena that protect transaction applications. They will be particularly experienced in C, Java, assembly languages, OpenPlatform and EMV standards, perhaps with a background in data security and cryptography.

     

    In addition, the Senior Common Criteria Security Specialist role will require someone with demonstrated capability to work creatively, remotely and with minimum supervision. They will have several years of relevant experience in the field of Common Criteria evaluations, and able to take the lead in projects.

    Responsibilities

    To undertake security evaluation tasks at some of the highest levels in Common Criteria methodology (generally EAL5+) and duties in order to meet customer requirements and project deadlines. The tasks will include:

    • Working together with the Project Management team on evaluation scoping, resource requirements, certification body and customer expectations
    • Support for the security evaluation engineers in charge of product testing by interpreting the review findings, orienting the attack paths and analyzing the test results
    • Writing Technical Reports of Evaluations in line with Certification Bodies and internal quality management requirements
    • Review and evaluation of customer security documentation
    • Customer code review (because of stringent confidentiality and security requirements, this often necessitates travel to customer premises in Europe and sometimes further afield)
    • Based on the reviews, a vulnerability analysis has to be carried out, to determine if the customer product has any potential security weaknesses
    • Contribute to the development of sophisticated, state-of-the-art attacks with tools and scripts by maintaining a high level of expertise in the latest attack methods against embedded products
    • To contribute to internal work processes by improving tools for evaluation efficiency, report writing and technical training (especially for Senior roles)
    • To undertake any ad hoc duties as defined in the UL Standards of Business Conduct and the Quality Control Manual

    Qualifications

    • Degree in Computer Science or other technical discipline and 3 to 5 years relevant working experience
    • Experience in Common Criteria evaluations applied to embedded products
    • Relevant security certifications such as FIPS 140-2, PCI and CC certifications for regional schemesare a plus
    • Experience in software on embedded products, hardware experience is a plus
    • Knowledge of microcontroller architectures and their assembly languages
    • Working understanding of Cryptography and security protocols
    • Ability to work independently and creatively to meet deadlines
    • Excellent commands of written and spoken English
    • Open to business travel

    Soft skills

    • A strong team player, able to learn from and to train your colleagues
    • Comfortable working in a multi-national and multi-disciplinary team
    • Ability to work in a fast-paced environment with minimal direct supervision
    • Strong communication, redaction and presentation skills
    • Enthusiastic and keen to learn new skills
    • Rigorous attention to detail

     

    We offer

    • The opportunity to work in a dynamic international laboratory with a dedicated focus on security and safety providing customers with the highest level of requirements
    • A challenging position in an international team with a wide security expertise in multiple domains such as Identity, Payment and other security devices
    • A chance to mark your mark on the future of our Security Assurance group
    • Personal development: a large range of professional training enables our staff to continually develop their technical, business and soft skills
    • A competitive salary and an interesting bonus arrangement

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.