We’re looking for junior Common Criteria security evaluators
published on February 4, 2019
The essence of a security evaluation is understanding the security of a product and explaining whether the product meets a certain standard. Our customers are product developers who request Brightsight to use this standard to perform an evaluation aiming at obtaining a certificate from an external approval body. Brightsight is looking for talented people who aspire to join our evaluation team.
One of the methods that we use to perform security evaluations is the international standard for IT security, the Common Criteria (CC). The CC provide a common set of requirements for the security functionality of IT products and an evaluation methodology. These IT products may be implemented in hardware, firmware or software. Examples of IT products that you might work on are: ePassports, integrated circuits, smart card banking applications, Javacard platforms, payment terminals, host security modules, medical and in-car devices.
What is an evaluation? An evaluation encompasses three phases:
- Understand: The evaluator interacts with the customer to understand the product and work side by side with technical experts to gather all information needed to assess the security of the device.
- Assessment: During the assessment the evaluator determines whether the device meets a set of requirements to satisfy the security needs.
- Present and convince: The outcome of the assessment will be presented in the form of a report or a presentation to the external approval body. This body will only grant the certificate when we can convincingly prove that the quality of our evaluation work is commensurate to what the standard requires.
We work with a large variety of customers and several approval bodies. This means that each evaluation is unique and requires flexibility, the ability to communicate with several stakeholders and the ability to observe situations and dilemmas from different perspectives.
To grasp the complexity of the CC evaluation methodology and the delicate balance between all involved parties, you will be assigned to a trainer. Gradually you will be introduced to different concepts of the CC with a hands-on training programme that will allow you to work on real projects. Through the training you will increasingly gain responsibilities.
THE JOB REQUIREMENTS
We are looking for people with a critical mindset, who are not afraid to ask questions, proactive and assertive. We consider a flexible attitude, the ability to understand different perspectives and the ability to convincingly present a sound argumentation to be necessary assets of a suitable candidate. Additionally, you must have a good command of the English language.
For this position, experience in CC evaluation and knowledge of the CC standard are not required. However, willingness to learn and curiosity are vital.
In our company, attitude is as important as technical background.
HOW TO CONTACT US
Please contact Mark Balkenende, HR Manager, +31 15 2692500 or send your CV to firstname.lastname@example.org.