Cryptographic Security Expert (CSE)
SGS North America Inc.

Company Description

SGS is the global leader and innovator in inspection, verification, testing and certification services. Founded in 1878, SGS is recognized as the global benchmark in quality and integrity. With over 97,000 employees in 130 countries and operating a network of more than 2,400 offices and laboratories, we provide services to almost every industry by assuring quality and safety of products and services.

Trusted all over the world, SGS is a market leader because we put 100% passion, pride and innovation into everything we do. We encourage new ideas. We welcome people who challenge the way we do things. And we will be 100% committed to helping you reach your full potential.

Penumbra Security, Inc. (Penumbra) is a subsidiary of SGS North America. Penumbra is a Cryptographic Security Testing Laboratory (CSTL) accredited by the National Voluntary Laboratory Accreditation Program (NVLAP Laboratory Code 200983-0) under the National Institute of Standards and Technology (NIST). Located in Clackamas, Oregon, Penumbra specializes in various types of Information Security conformance testing and regulatory compliance.

Job Description

Position description (Summary)

The Cryptographic Security Expert (CSE) is a specialized cybersecurity professional or subject matter expert (SME) in specific areas of cryptography and information security. The CSE will be looked upon to lead and support a team of information security evaluators whose responsibility is to perform conformance testing services to various information security standards. The position will involve solving complex problems as they relate to assessing Penumbra customer information security systems to respective published standards. Conformance testing involves assessing designs and implementations for compliance to established requirements. It also involves documentation, software, hardware, physical security, logical security, functional and operational testing, and evaluation, as well as test planning and reporting. Other tasks include creating testing procedures, test tools, report templates as well as training, mentoring and guiding other staff members.

Key REsponsibilities

The CSE will directly provide expert security and technical services to Penumbra's customers. This includes conformance testing services. The CSE is responsible for planning tests, modifying test methods, and developing and validating new methods, and reporting test results (including opinions and interpretations), as approved by the General Manager.

Cryptographic Algorithm Conformance Testing: Conduct detailed cryptographic analysis of systems, protocols, and cryptographic implementations. Evaluate and test cryptographic algorithms and protocols against NIST, ISO/IEC, ANSI, BSI and other standards.

Entropy System Evaluations: Evaluate entropy generation architectures against common models for conformance to various global standards. This includes evaluation of heuristic and stochastic models. The analysis must be able to justify where the entropy is captured in the entropy source.

Cryptographic System Evaluations: Perform complex analysis, design, development, integration, testing and debugging cryptographic and hashing algorithms; and applying cryptography-based solutions to contemporary use cases such as evaluating for a variety of cryptographic modules and information systems.

Client Interaction: Provide expert consultation and guidance to clients, addressing questions and concerns related to product compliance to various standards and cryptographic security.

Training: Organize and develop training sessions for security evaluators within the organization

Mentoring: Design and develop secure cryptographic solutions to protect data at rest, in transit, and during processing.

Research and Development: Stay up to date with the latest advancements in cryptographic techniques and technologies and apply this knowledge to improve our services.

Security Guidance: Provide expert guidance to clients and internal teams on cryptographic best practices, risk mitigation, and security measures.

Documentation: Maintain detailed documentation and/or reports of cryptographic assessments, findings, and recommendations. Review security evaluator reports for technical accuracy.

Collaboration: Collaborate with security evaluators, and across other SGS lines of business as it relates to information security product conformance.

Qualifications

Education and Experience

A CSE candidate is recommended to have five years of general experience including three years of specialized experience. Five years of general experience includes all aspects of cryptography, or a mixture of experience from the mathematical disciplines. Three years of specialized experience may include developing or analyzing cryptographically secure systems with randomness or entropy requirements or working with the NIST or BSI requirements. Other experience related to advanced knowledge of entropy sources and entropy evaluation techniques would also suffice.

• A master's degree in cryptography, computer science, engineering, mathematics, physics or other related scientific or technical discipline; or a bachelor's degree in one of the above-mentioned fields plus 8 years' related experience; or a PhD.
• A background in any of the following: heuristic or stochastic modeling, signal, and interrupt processing, digital or analog circuits, other events in computing systems.
• Knowledge and experience with cryptography such as, experience in developing, analyzing, testing, and researching Public Key Infrastructures using X.509 certificates, symmetric and public key algorithms, hash functions, and quantum cryptography.
• Technical writing proficiency
• Experience with the application of security standards and practice

Knowledge, SKILLS, and Abilities

The Senior Evaluator shall have experience, training, knowledge, or familiarity in the following areas:

• Proficiency in publications, guidelines, and standards related to cryptographic security.
• Strong understanding of cryptographic algorithms, protocols, and key management practices.
• Industry certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Information Systems Manager (CISM), are a plus.
• Excellent problem-solving skills, critical thinking abilities, and meticulous attention to detail.
• Strong communication skills, with the ability to convey complex security concepts to clients and team members.
• Ability to self-manage his/her time, prioritize tasks, and stay organized.
• Ability to research and problem solve.
• Ability to work independently.
• Ability to work well with others.
• Ability to work effectively in high pressure, high volume, high growth environment, balancing several assignments concurrently with different deadlines.
• Impeccable accuracy required, superb attention to detail required.
• Unquestionable business and personal integrity and ethical standards.

Demonstrate strong commitment to SGS Operational Integrity policies, procedures, guidelines, and instructions by participating in and enhancing the SGS culture of safety to attend safety meetings, complete required training, intervene in case of unsafe situations, refuse unsafe work, and fully comply with laws, regulations, internal, and customer requirements for health and safety.

This job has expired.