Senior InfoSec Auditor (UK, Remote)

View full description

Requirements:

• Thorough understanding of the Common Criteria (ISO/IEC 15408), FIPS, and other Federal certifications and evaluation methodologies.
• Familiarity with Common Evaluation Methodology (CEM) and associated documentation like Protection Profiles and Security Targets.
• In-depth knowledge of IT systems, including hardware, software, and networks.
• Understanding of system architectures, components, and interactions.
• Experience in analyzing technical specifications, designs, and system documentation.
• Previous professional experience in a similar role with a focus on Common Criteria audits.
• Effective communication skills across diverse teams.

Responsibilities:

• Serve as the primary lead and point of contact in the evaluation and certification process of information technology products and systems.
• Evaluate product/system against specified evaluation assurance level (EAL) to determine if security requirements are met.
• Assess product/system’s security features, design, implementation, and documentation through hands-on testing.
• Develop a comprehensive audit plan defining the evaluation scope, identifying security requirements, and determining EAL.
• Interact with product developers and stakeholders to communicate audit progress, findings, and necessary corrective actions.