FIPS Compliance Engineer

Please Note:

1. If you are a first time user, please create your candidate login account before you apply for a job. (Click Sign In > Create Account)

2. If you already have a Candidate Account, please Sign-In before you apply.

Job Description:

The Sr FIPS Compliance Engineer performs assessments of cryptographic security functions including in their use of Cloud Services; consults in development of a product's security design; tests and manages the third party evaluation against National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) 140-3 for cryptographic modules as well as associated standards in accordance with NIST validation program requirements. Given the wide range of security technologies and interaction with VMware-wide product development teams, this position offers a rare opportunity to rapidly gain experience with a full spectrum of security products and technologies.

Typical responsibilities involve:

• Cryptographic module validation against US NIST FIPS 140-3 standards
• General security and compliance requirements analysis and System Level Logical Analysis - Perform security evaluation activities as needed including presentations to R&D teams
• Design work (product architecture) - Design and prepare instructions, procedures, tools and methods for aiding in third party compliance evaluations
• FIPS Test Harness Development, adaptation, and cross-compiling on multiple platforms
• Engineering compliance documentation (e.g. Security Policy, technical rationale, etc.)
• Cryptographic algorithm and Public Key Infrastructure (PKI) testing
• Source code review activities in a variety of programming languages
   

Required Qualifications:

• Experience  performing evaluations/validations (both as an evaluator and consultant in FIPS140  in a CC / FIPS certified lab or performing FIPS evaluations and/or validations as a vendor)
• Experience with C, C++, Java languages, Perl, Ruby and development environments
• Strong knowledge of computer security principles and best practices
• Experience in security, networking, virtualization, cloud solutions
• Knowledge of common security related and other protocols and their design like ssh, IPsec, TLS, x509, SOAP, REST API, HTTPS, VXLAN, VLAN
• Knowledge of cryptographic encryption algorithms, key exchange algorithms, hashing algorithms, PKI, etc.
• Experience building testing environments, performing testing and reporting results (technical writing)
• Strong ability to read, understand and write development documents (e.g. functional spec, design spec, etc.)
• Strong ability to troubleshoot, strategize a solution and execute necessary steps
• Bachelor’s degree ( OR Master's degree plus 6 years) in technical discipline with greater than 8 years prior relevant experience (Electrical Engineering, Computer Engineering, Computer Science, Mathematics or related discipline)

Additional Job Description:

Compensation and Benefits 

The annual base salary range for this position is $107,000 - $190,000

This position is also eligible for a discretionary annual bonus in accordance with relevant plan documents, and equity in accordance with equity plan documents and equity award agreements. 

Broadcom offers a competitive and comprehensive benefits package: Medical, dental and vision plans, 401(K) participation including company matching, Employee Stock Purchase Program (ESPP), Employee Assistance Program (EAP), company paid holidays, paid sick leave and vacation time. The company follows all applicable laws for Paid Family Leave and other leaves of absence. 

Broadcom is proud to be an equal opportunity employer.  We will consider qualified applicants without regard to race, color, creed, religion, sex, sexual orientation, national origin, citizenship, disability status, medical condition, pregnancy, protected veteran status or any other characteristic protected by federal, state, or local law.  We will also consider qualified applicants with arrest and conviction records consistent with local law.

If you are located outside USA, please be sure to fill out a home address as this will be used for future correspondence.