Common Criteria Evaluator [Netherlands]

 

Company Description

SGS Brightsight is the largest independent security evaluation lab in the world, with seven accredited labs worldwide.

SGS Brightsight supports companies in getting their products ready and in compliance with the latest security regulations and requirements. With over 35 years of experience in evaluating IT products in different industries, we evaluate these products against requirements set by governmental and private schemes. SGS Brightsight has been a Common Criteria and EMVCo hardware lab since 2002.

Job Description

We are seeking a highly skilled and detail-oriented professional to join our team as a Common Criteria Evaluator. As a Common Criteria Evaluator, you will be responsible for evaluating and assessing the security functionality of information technology products based on the Common Criteria standard. Your role will involve conducting thorough evaluations, analyzing security documentation, and providing detailed reports and recommendations. You will collaborate closely with cross-functional teams and contribute to the overall improvement of product security and compliance.

We are looking for people with a fascination for IT security. You will join a multidisciplinary team to execute security evaluations on state-of-the-art products such as, Trusted Execution Environment, Hypervisor, Real Time Operating Systems, Artificial intelligence, Secure elements, network devices, key managers, Hardware Security Modules...

Responsibilities

• Perform comprehensive evaluations of information technology products based on the Common Criteria standard.
• Review and analyze security documentation, including security policies, specifications, and test plans.
• Conduct thorough assessments of security functionality, vulnerability analysis, and risk management practices.
• Utilize testing tools, methodologies, and frameworks to assess the security of products.
• Collaborate with product development teams to identify potential security vulnerabilities and propose mitigation strategies.
• Prepare detailed evaluation reports outlining findings, analysis, and recommendations.
• Stay updated on the latest developments in the field of Common Criteria and security evaluation methodologies.
• Collaborate with external evaluators, vendors, and clients to ensure compliance with relevant standards.
• Participate in the improvement and development of evaluation processes, methodologies, and best practices.
• Provide guidance and support to internal teams regarding security compliance and evaluation requirements.

Qualifications

Must

• Bachelor's or master's degree in a technical field of study (Computer science, Telecommunications, electronics, physics, mathematics).
• Strong analytical and problem-solving skills with attention to detail.
• Ability to work effectively both independently and collaboratively in a team environment.
• Strong organizational skills with the ability to prioritize tasks and meet deadlines.
• English language skills required.

Desired

• Solid understanding of security principles, cryptographic algorithms, and security protocols.
• Knowledge/experience in ISO27001, Common Criteria, SESIP, PSA, CSA, LINCE, NESAS, PCI…
• Knowledge/experience in Smartcards, HSM, ARM, cryptography, web, networking technologies
• Experience in conducting security evaluations, vulnerability assessments, or penetration testing.

Additional Information

WHY WORK FOR SGS BRIGHTSIGHT?

SGS Brightsight is the number one independent security evaluation lab in the world. We have over 30 years of experience in evaluating security products against a variety of requirements.

At SGS Brightsight you will:

• Be part of a multicultural team with highly motivated colleagues from all over the world
• Work for the recognized global leader in security evaluations
• Work with all major developers on their latest innovations
• Enjoy an informal and intellectually challenging work environment

 

.