Security Compliance and Validation Engineer (FIPS)

Job Summary

Join NetApp’s innovative Security development organization as a Security Compliance and Validation Engineer, where you'll be at the forefront of certifying and validating cryptographic modules for ONTAP, NetApp’s flagship operating system. Engage in assessing the compliance of cryptographic modules against the Federal Information Processing Standard (FIPS) 140-3, evaluating devices against the Common Criteria Security Evaluation and participating in the Department of Defense Information Network Approved Products List (DoDIN APL) validation process. This role encompasses a broad scope, including Entropy Source Validation (ESV), Cryptographic Algorithm Validation Program (CAVP), FIPS validations, and Common Criteria validations. This role involves working closely with various teams to track, validate, and maintain security certifications and compliance for our products.

This is a mid-level technical position that requires an individual to be broad-thinking, systems-focused, creative, team-oriented, technologically savvy, able to work in a small and large cross-functional teams, willing to learn and driven to produce results.

Job Requirements

• Ensure ONTAP products comply with FIPS 140-3 and Common Criteria
• Track and validate security certifications, including OpenSSL and other cryptographic modules
• Collaborate with the Product Security Group (PSG) to ensure all certifications are up-to-date and properly documented
• Develop and execute validation plans for security compliance
• Maintain detailed documentation of security compliance processes and validation results
• Report any discrepancies or issues found during validation to the relevant teams
• Perform reviews for various specifications, including test plans, test evidence, security policies, and validation reports
• Configure software/hardware test setup for conducting the validation activities
• Create and update documentation required for certifications submissions and audits

Education

• Requires greater than 3-5 years of technical experience in FIPS 140-2 or FIPS 140-3 validation of cryptographic modules and Common Criteria evaluation
• Experience collaborating with FIPS validation labs for testing cryptographic modules
• Familiar with FIPS 140-3, CAVP/ESV/CMVP programs, cPP and CC standards, and the various validation processes
• Ability to create or use automation tools and frameworks for security validation
• Strong understanding of cryptography and security protocols (TLS, IPsec)
• Good knowledge of cross-compilation and package creation of open-source utilities on Linux as required for above certifications
• Excellent coding skills in Python, C required
• Willing to work on additional tasks and responsibilities that will contribute towards team, department and company goals
• Proficiency in conducting source code reviews and operational tests of cryptographic modules
• Strong interpersonal skills to develop relationships with labs as a technical point-of-contact

Compensation:
The target salary range for this position is 138,780 - 195,030 USD. The salary offered will be determined by the candidate's location, qualifications, experience, and education and may be outside of this range. Final compensation packages are competitive and in line with industry standards, reflecting a variety of factors, and include a comprehensive benefits package. This may cover Health Insurance, Life Insurance, Retirement or Pension Plans, Paid Time Off (PTO), various Leave options, Performance-Based Incentives, employee stock purchase plan, and/or restricted stocks (RSU’s), with all offerings subject to regional variations and governed by local laws, regulations, and company policies. Benefits may vary by country and region, and further details will be provided as part of the recruitment process.