Senior InfoSec Auditor (Italy, Remote)

View full description

Requirements:

• Thorough understanding of the Common Criteria (ISO/IEC 15408), FIPS, and other Federal certifications and its evaluation methodologies.
• Familiarity with Common Evaluation Methodology (CEM) and associated documentation (Protection Profiles, Security Targets, etc.).
• In-depth knowledge of IT systems: hardware, software, and networks.
• Understanding of system architectures, components, and interactions.
• Analyzing technical specifications, designs, and system documentation.
• Previous professional experience in a similar role with a focus on Common Criteria audits.
• Experience with communicating effectively and efficiently across diverse teams, through verbal and written exchanges.

Responsibilities:

• Serve as the primary lead and point of contact in the evaluation and certification process of information technology products and systems.
• Evaluate the product/system against the specified evaluation assurance level (EAL) to determine if the security requirements have been met.
• Assess product/system’s security features, design, implementation, and documentation. Perform hands-on testing.
• Develop a comprehensive audit plan; defining the scope of the evaluation, identifying security requirements, and determining EAL to be achieved.
• Interact with product developers and stakeholders to communicate audit progress, findings, and any necessary corrective actions.