Security Compliance and Validation Engineer (FIPS)
Research Triangle Park, North Carolina, United States; Wichita, Kansas, United States; Boulder, Colorado, United States; San Jose, California, United States; Cranberry Township, Pennsylvania, United States
Overview
At NetApp, we have a history of helping customers turn challenges into business opportunities. That’s because we bring new thinking to age-old problems, like how to use data most effectively in the most efficient possible way. As an Engineer with NetApp, you’ll have the opportunity to work with modern cloud and container orchestration technologies in a production setting. You’ll play an important role in scaling systems sustainably through automation and evolving them by pushing for changes to improve reliability and velocity.
Success profile
Ready to be an engineer at NetApp? Explore the traits that can help you thrive.
- Analytical
- Adaptable
- Communicator
- Detail-oriented
- Quick-thinking
- Problem solver
Responsibilities
Research Triangle Park, North Carolina, United States; Wichita, Kansas, United States; Boulder, Colorado, United States; San Jose, California, United States; Cranberry Township, Pennsylvania, United States Job category: Software Engineering Job ID: 128386-en_USAbout NetApp
NetApp is the intelligent data infrastructure company, turning a world of disruption into opportunity for every customer. No matter the data type, workload or environment, we help our customers identify and realize new business possibilities. And it all starts with our people.
If this sounds like something you want to be part of, NetApp is the place for you. You can help bring new ideas to life, approaching each challenge with fresh eyes. We embrace diversity and openness because it's in our DNA. Of course, you won't be doing it alone. At NetApp, we're all about asking for help when we need it, collaborating with others, and partnering across the organization - and beyond.
"At NetApp, we fully embrace and advance a diverse, inclusive global workforce with a culture of belonging that leverages the backgrounds and perspectives of all employees, customers, partners, and communities to foster a higher performing organization."-George Kurian, CEO
Job Summary
Join NetApp’s innovative Security development organization as a Security Compliance and Validation Engineer, where you'll be at the forefront of certifying and validating cryptographic modules for ONTAP, NetApp’s flagship operating system. Engage in assessing the compliance of cryptographic modules against the Federal Information Processing Standard (FIPS) 140-3, evaluating devices against the Common Criteria Security Evaluation and participating in the Department of Defense Information Network Approved Products List (DoDIN APL) validation process. This role encompasses a broad scope, including Entropy Source Validation (ESV), Cryptographic Algorithm Validation Program (CAVP), FIPS validations, and Common Criteria validations. This role involves working closely with various teams to track, validate, and maintain security certifications and compliance for our products.
This is a mid-level technical position that requires an individual to be broad-thinking, systems-focused, creative, team-oriented, technologically savvy, able to work in a small and large cross-functional teams, willing to learn and driven to produce results.
Job Requirements
- Ensure ONTAP products comply with FIPS 140-3 and Common Criteria
- Track and validate security certifications, including OpenSSL and other cryptographic modules
- Collaborate with the Product Security Group (PSG) to ensure all certifications are up-to-date and properly documented
- Develop and execute validation plans for security compliance
- Maintain detailed documentation of security compliance processes and validation results
- Report any discrepancies or issues found during validation to the relevant teams
- Perform reviews for various specifications, including test plans, test evidence, security policies, and validation reports
- Configure software/hardware test setup for conducting the validation activities
- Create and update documentation required for certifications submissions and audits
Education
- Requires greater than 3-5 years of technical experience in FIPS 140-2 or FIPS 140-3 validation of cryptographic modules and Common Criteria evaluation
- Experience collaborating with FIPS validation labs for testing cryptographic modules
- Familiar with FIPS 140-3, CAVP/ESV/CMVP programs, cPP and CC standards, and the various validation processes
- Ability to create or use automation tools and frameworks for security validation
- Strong understanding of cryptography and security protocols (TLS, IPsec)
- Good knowledge of cross-compilation and package creation of open-source utilities on Linux as required for above certifications
- Excellent coding skills in Python, C required
- Willing to work on additional tasks and responsibilities that will contribute towards team, department and company goals
- Proficiency in conducting source code reviews and operational tests of cryptographic modules
- Strong interpersonal skills to develop relationships with labs as a technical point-of-contact
Compensation:
The target salary range for this position is 138,780 - 195,030 USD. The salary offered will be determined by the candidate's location, qualifications, experience, and education and may be outside of this range. Final compensation packages are competitive and in line with industry standards, reflecting a variety of factors, and include a comprehensive benefits package. This may cover Health Insurance, Life Insurance, Retirement or Pension Plans, Paid Time Off (PTO), various Leave options, Performance-Based Incentives, employee stock purchase plan, and/or restricted stocks (RSU’s), with all offerings subject to regional variations and governed by local laws, regulations, and company policies. Benefits may vary by country and region, and further details will be provided as part of the recruitment process.
Equal Opportunity Employer:
NetApp is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination based on age, race, color, gender, sexual orientation, gender identity, national origin, religion, disability or genetic information, pregnancy, protected veteran status, and any other protected classification.
Did you know...
Statistics show women apply to jobs only when they're 100% qualified. But no one is 100% qualified. We encourage you to shift the trend and apply anyway! We look forward to hearing from you.
Why NetApp?
We are all about helping customers turn challenges into business opportunity. It starts with bringing new thinking to age-old problems, like how to use data most effectively to run better - but also to innovate. We tailor our approach to the customer's unique needs with a combination of fresh thinking and proven approaches.
We enable a healthy work-life balance. Our volunteer time off program is best in class, offering employees 40 hours of paid time per year to volunteer with their favorite organizations. We provide comprehensive medical, dental, wellness, and vision plans for you and your family. We offer educational assistance, legal services, and access to discounts. Finally, we provide financial savings programs to help you plan for your future.
If you want to help us build knowledge and solve big problems, let's talk.
Our values
Put the customer at the center. Care for each other and our communities. Think and act like owners. Build belonging every day. Embrace a growth mindset.
Benefits
Volunteer time off
40 hours of paid volunteer time each year.
Well-being
Employee Assistance Program, fitness, and mental health resources to help employees be their best.
Time away
Paid time off for vacation and to recharge.
Jobs for you
- Client Executive Baltimore, Maryland, United States; Vienna, Virginia, United States
- Sr. Product Manager, AI ML San Jose, California, United States; Bellevue, Washington, United States; Research Triangle Park, North Carolina, United States
- Graduate Software Engineer Canberra, Australian Capital Territory, Australia; Melbourne, Victoria, Australia
Your recently viewed jobs will appear here.
You have no saved jobs. Start browsing jobs here
Recruitment scam warning
When conducting a job search, you’re bombarded with outreach. Here are tips to keep you safe from recruitment fraud.
Stay in touch
Equal Opportunity Employer*
NetApp is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination based on age, race, color, gender, sexual orientation, gender identity, national origin, religion, disability or genetic information, pregnancy, protected veteran status and any other protected classification. We pledge to take every reasonable step to ensure that our applicants and employees are respected, treated fairly and with dignity. See the EEO poster, Know your rights poster, and NetApp EEO policy. NetApp makes reasonable accommodations, consistent with applicable laws, for religious purposes and for the known physical or mental limitations of an otherwise qualified applicant or employee with a disability, who can perform the essential job functions unless undue hardship would result.
State-specific postings/notices to applicants regarding contract compliance can be found here in English and here in Spanish, and fair employment practice information can be found here.
Reasonable accommodation
If you are an applicant with a physical or mental disability requiring an accommodation, or you require a religious accommodation for any part of our application process, please email gdib@netapp.com. Each request for reasonable accommodation will be considered on a case-by-case basis, consistent with applicable laws and regulations. Please note, this email address is only for accommodation requests; we do not accept unsolicited resumes.
Data privacy
We care about your privacy and therefore ask that you read our Applicant Privacy Policy (PDF) before you submit any personal information to us.
NetApp may use an automated employment evaluation tool or similar tool as one of several tools, actions, and/or steps to assist with NetApp’s review of candidate applications for various hiring needs. Currently, when addressing certain hiring needs, NetApp uses the Eightfold tool which can provide an initial ranking of a candidate’s skills and experience, based on information provided by the applicant in the application and/or supporting documentation, in comparison to the NetApp designated key requirements of a specific role. Additionally, the tool may be used to help review and /or rank internal employees seeking promotion or other internal mobility.
An independent audit of the Eightfold Matching Model tool can be found at https://eightfold.ai/nyc-eightfoldmatching-model.
Candidates may request an alternative selection process which will not be subject to the Eightfold matching tool or to any electronic automated employment evaluation by contacting NetApp at careers@netapp.com. To bypass the Eightfold matching tool or any electronic automated employment evaluation, you must include a resume and job ID with your email to careers@netapp.com and you must include in the subject line of your email: Data Privacy Request. Candidates who have questions or want to request additional information on the source of data, type of data, and/or collection of data related to the candidate review process should contact NetApp at careers@netapp.com
*Applies to applicants for employment in the United States.