Junior Security Analyst
Jennifer Davis
sigje at sigje.org
Mon Jun 26 14:58:21 PDT 2006
Junior Security Analyst
Decru has obtained/is in process for multiple security certifications,
including FIPS 140-2 level 3, Common Criteria level 4, CESG, DCSSI, PL-3,
and DoD 5015.2. We are currently searching for a Junior Security Analyst.
The qualified candidate will be a strategic member of the Decru's
Engineering Team. Future career growth paths can include: design work,
auditing and security management.
Responsibilities:
. Review copies of the engineering design docs (e.g. functional
spec) for correctness, kick them back when they are not correct, and make
updates as necessary. Basically, a doc reviewer and editor for all of
engineering (SAN, NAS, LKM, SEP)
. FIll in missing information in the engineering design docs, both
information that engineering failed to provide, and information needed for
a specific cert that engineering does not provide (e.g. make tables of
which crypto engines are used by which source code modules, document
buffers holding keys, follow code paths to document error handling etc.)
. Take existing engineering design docs, and write correspondence
mappings for these, for CC, and also for FIPS. Examples of correspondence
documents are:
1. Security Policy Model, for SAN and NAS, and later, LKM
2. Correspondence from Security Policy Model to Functional
Spec, from functional
spec to High Level Design, from High Level Design to Low
Level Design, from
low-level design to source code
3. Correspondence from FIPS CKM to source code, from FIPS
Finite State Model
to Source Code
. Test help:
1. Spec out Cert tests
2. Help write automated cert tests
3. Review and make sure the automated tests are kept
up to date by QA
Requirements:
. Knowledge of C (enough to write test code, and also enough to read
code in C)
. Ability to write
. smart, willing to learn
. passionate about security
More information about the Baylisa
mailing list