• Fips 140 Security Engineer

    System One (Columbia, MD)


    Job Title: FIPS 140 Security Engineer

    Type: Contract To Hire

    Compensation: $62.38 - $70.00 hourly

    Contractor Work Model: Remote

    Security Clearance: No active clearance is required. Applicants must be U.S. Citizens or lawful permanent residents (Green Card holders).

    Revised Job Description

    FIPS 140 Cryptographic Module Validation Engineer (CVP Certified Only) Columbia, MD | No Clearance Required

     

    Critical Pre-Screening Requirement: This role is exclusively for testers with active Cryptographic Validation Program (CVP) certification under NIST's CMVP. Applications without proof of current CVP certification (e.g., certificate number and expiration date in your resume/cover letter) will be automatically rejected. No exceptions—general security, pen testing, or app sec experience does not substitute.

     

    Join Us! Accredited Testing and Evaluation (AT&E) Lab for Common Criteria and FIPS 140-2/3 validations. In this hands-on cryptographic testing role, you'll validate commercial cryptographic modules (hardware/software/firmware) for CMVP certification, ensuring compliance for National Defense deployments. This is NOT a general cybersecurity, penetration testing, or IT security operations position—it's specialized lab-based crypto module evaluation in a NIST-accredited environment. You'll analyze entropy sources, review algorithm implementations (e.g., AES, RSA, SHA), and test against FIPS requirements like key management and physical tamper resistance. Work with industry experts on DoD-bound products in a secure lab setting.

    What You'll Do (FIPS/CMVP-Focused Tasks):

    + Perform end-to-end FIPS 140-2/3 validations: Derive test plans from module documentation, execute cryptographic algorithm tests (e.g., RNG, key exchange), PKI validations (X.509 chains, entropy assessment), and source code reviews for crypto implementations.

    + Conduct physical security testing (e.g., using oscilloscope for side-channel analysis, tamper evidence checks) and logical analysis against Protection Profiles.

    + Automate tests via scripting and develop custom tools for module evaluations.

    + Identify non-compliances in crypto designs, vulnerability exploits in modules, and report findings in ENT reports for NIST submission.

    + Build isolated test networks for module integration testing, including subnetting, routing, and protocol analysis (IPsec, TLS in FIPS modes).

    + Collaborate on lab entropy source statistical analysis and module re-validations.

    Required Qualifications (Must-Have for Consideration):

    + Active CVP Certification: Proven track record as a CVP-certified tester in a NIST NVLAP-accredited lab (include cert #, lab affiliation, and 2+ FIPS submission examples in your application).

    + Deep Cryptography Expertise: Hands-on testing of FIPS algorithms (AES, RSA, ECDSA, SHA-3, DRBGs), PKI (certificate validation, key generation), and entropy sources; knowledge of FIPS 140-3 transitions and CMVP Implementation Guidance.

    + Programming for Crypto Testing: Proficiency in C/C++, Python, or Java for reviewing/analyzing crypto code and automating FIPS test harnesses (e.g., ACVP protocol interactions).

    + Lab Testing Experience: Setting up FIPS-compliant environments, using tools like oscilloscopes/multimeters for physical tests, and debugging crypto failures (e.g., WinDBG for module crashes).

    + Standards Application: Interpreting NIST SP 800-140 series, applying to modules, and writing technical reports for CMVP submissions.

    + Network/Protocol Knowledge in Crypto Context: Configuring test beds for secure protocols (SSH, IPsec, TLS) in FIPS-approved modes; subnetting/routing for isolated module testing.

    + Troubleshooting & Reporting: Multitasking across validations, strong technical writing for NIST deliverables.

    + Education/Experience: BS in Computer Science/Engineering (or equivalent) with 2-4 years in FIPS/CMVP labs; or 4+ years without degree if CVP-certified with direct module testing.

    Nice-to-Haves (Not Substitutes for Requirements):

    + Python for entropy stats/analysis.

    + OpenSSL/OpenPGP expertise; ADB/WinDBG debugging.

    + Pen testing limited to crypto modules; CCNA or similar for lab networks.

    + Active Directory/Linux in test setups; X.509 deep dives.

     

    Why This Role? Exciting growth in crypto validation—learn from CST lab leads, handle diverse modules (e.g., HSMs, software libs), and contribute to secure military comms. Competitive pay, no clearance needed initially (but ability to obtain one is a plus).

     

    How to Apply: Submit resume with CVP proof and a brief summary of your last 2 FIPS validations (module types, your role, outcomes). We prioritize lab-experienced CVP testers from accredited facilities.

     

    System One, and its subsidiaries including Joulé, ALTA IT Services, and Mountain Ltd., are leaders in delivering outsourced services and workforce solutions across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

     

    System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.

    #M-

    #LI-

    #DI-

    Ref: #850-Rockville (ALTA IT)

     

    System One, and its subsidiaries including Joulé, ALTA IT Services, CM Access, TPGS, and MOUNTAIN, LTD., are leaders in delivering workforce solutions and integrated services across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible full-time employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

     

    System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.