ASSOCIATE  PRODUCT SECURITY TESTER

Associate Product Security Tester

Lightship Security is a market leader in IT security standards-based conformance testing and test automation.  We work with leading edge security technology vendors from around the world to perform conformance testing to various IT security Standards such as FIPS 140-2 and Common Criteria.

Due to recent growth, Lightship is seeking a Senior Product Security Tester to work in the field of security testing.  The successful candidate will work in a collaborative team environment and consult closely with project stakeholders to ensure a product’s conformance with the specified security requirements.

Key Responsibilities

A Senior Product Security Tester will lead projects in the review, consultation and assessment of products against international standards such as Common Criteria and FIPS 140-2 as well as against custom security requirements.  A typical project includes leading workshops with customers, consultation and assessment of a product’s security architecture, constructing standards-based documentation such as a Security Target, analysis and assessment of system entropy quality, construction and/or execution of a standards-based test plan using Lightship’s Conformance Automation Platform tool, vulnerability analysis and penetration testing.

Projects will involve both hardware and software devices and the ideal candidate will have a strong background and knowledge of security products such as routers, switches, firewalls, VPN gateways, proxies, etc. The successful candidate will be able to demonstrate expertise with the Linux operating system, virtualization technologies, cryptographic concepts and networking fundamentals.  Knowledge and experience using X.509 PKI and cryptographic libraries is considered an asset.

As a Senior Product Security Tester, the candidate is expected to interface with customers to provide them with sound technical consulting and support during the testing process.

Technical Requirements

  • Must have at a minimum of 1-3 years experience working with enterprise IT products(NetApp, Fortinet, Cisco…);
  • Strong knowledge of networking technologies, protocols and information delivery such as: TCP/IP, SSL/TLS, SSH and HTTP;
  • Experience with programming and scripting languages such as: Python, Bash and C;
  • Demonstrative experience using Linux and Windows operating systems;
  • Demonstrative experience with virtualization technologies, such as hypervisors and software-defined networking;
  • Experience with vulnerability analysis and penetration testing of both hardware and software targets;
  • Knowledge of fundamental cryptographic concepts and leading cryptographic algorithms;
  • A University degree or college diploma in a technical field is required; and
  • Knowledge of FIPS 140-2, Common Criteria, and other related standards are an asset.

Non-Technical Requirements

  • Minimum 2 years experience in a customer-facing technical role;
  • Ability to manage concurrent projects;
  • Excellent communication skills: ability to express requirements in technical and non-technical terms to customers, peers, and management; must be able to prepare consistent and quality reports for consumption by critical customers;
  • A proven ability to work independently; and
  • Possess creative and critical thinking skills.

Other Requirements

  • All candidates must be eligible for a Government of Canada security clearance to a minimum level of Secret; and
  • Must be able and willing to travel internationally <20% and hold a valid passport.

Ready to Apply?

Please send us your resume and a cover letter to apply for this position.

hire@janehillconsulting.com

Only those selected for an interview will be contacted. No agents, please.