Security Engineer - Certifications (FIPS, Common Criteria) - remote
Job Description:
Location Requirements:
- Home-based in US or European time zones
Reports To: Engineering Manager for Security Certifications
Role summary:
Ubuntu is built with Security in mind from the ground up and keeps you protected against security vulnerabilities. Ubuntu helps organizations remain compliant to FIPS 140-2 and Common Criteria standards. You will use your applied cryptography, Linux and C coding skills to enhance the Ubuntu distribution to attain FIPS and Common Criteria certifications, and open up the Ubuntu distribution to new market sectors and industries. You will also work with DISA and CIS to help draft Ubuntu STIGs and Ubuntu CIS benchmarks. You will work with the team to develop automation tooling for making Ubuntu systems STIG and CIS benchmark compliant and audit the systems for compliance. Scripting skills (OVAL/bash) will be used to assist with tooling. You will work with the team to achieve new compliance and certifications for Ubuntu as needed.
The successful candidate will collaborate with Canonicals kernel and security teams to extend and enhance the Ubuntu distribution with the features necessary to achieve and retain FIPS and CC certification.
Key Responsibilities:
- Extend and enhance Linux cryptographic components, specifically with modules such as OpenSSL/Libgcrypt with the features and functionality required for FIPS and CC certification
- Collaborate with external security consultants to test and validate kernel and crypto components, achieve and then retain FIPS and CC certification, develop CIS benchmarks and STIGs for Ubuntu
- Work in partnership with the internal project manager to ensure delivery against project goals and milestones, identifying technical risks and mitigating them
- Contribute to Ubuntu mainline and upstream projects to land solutions and benefit the community
- Contribution to continuous integration infrastructure: automated testing and validation
- Self-discipline and self-motivation to perform day-to-day engineering activities and deliver to schedules in a globally distributed team
- Communication and collaboration within and outside Canonical to rapidly resolve issues and keep the project on track
Required Skills and Experience:
- Experience of working with open source libraries
- Knowledge of Linux Security
- Experience with patching and associated tooling: identifying, isolating, applying and testing patches, and resolving any resulting issues
- General Linux development skills (C proficiency, git experience, debugging with gdb)
- Experience with bash scripting
Desired Skills and Experience
- Software packaging and maintenance experience, especially using Debian packaging
- Knowledge of and familiarity with low-level Linux cryptography APIs and debugging
- Familiarity with open source development tools and methodologies, especially those in common-use for development of the Linux ecosystem such as: Launchpad, IRC, and mailing-lists.
- Knowledge of security benchmarks such as STIG and CIS benchmarks.
- Security Certification experience and knowledge in FIPS and/or CC
- Experience with OVAL (Open Vulnerability Assessment Language) and Go
Employee Benefits Canonical Offers
- Flexible working options/work from home
- Tuition and Training Reimbursement
- Annual Bonus Plan
- Holiday for Service (Annual Leave)
- Conference Leave
- Priority Pass
- Laptop Refresh Benefit
Canonical believes a diverse workforce enhances our ability to deliver world class software and services which meet the worlds computing needs. We are committed to ensuring equal employment opportunity to all qualified individuals. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
#LI-Remote #stack