Jr. Common Criteria Evaluator

SGS Brightsight is the number one independent security lab in the world. We are expanding our mobile software security team to keep offering high-quality security evaluation services to the world's leading OEMs and mobile devices application and solution developers.

Mobile devices are ubiquitous in everyday life. They provide our modern society with an endless range of applications and advantages. Some of these mobile devices, however, are used to handle sensitive information such as personal, financial or even medical data. Such data needs to be adequately secured and protected.

One of the methods that we use to perform security evaluations is the international standard for IT security, the Common Criteria (CC). The CC provide a common set of requirements for the security functionality of IT products and an evaluation methodology. These IT products may be implemented in hardware, firmware or software. Examples of IT products that you might work on are: ePassports, integrated circuits, smart card banking applications, Javacard platforms, payment terminals, host security modules, medical and in-car devices.

What is an evaluation? An evaluation encompasses three phases:

• Understand The evaluator interacts with the customer to understand the product and work side by side with technical experts to gather all information needed to assess the security of the device.
  
• Assessment During the assessment the evaluator determines whether the device meets a set of requirements to satisfy the security needs.
  
• Present and convince The outcome of the assessment will be presented in the form of a report or a presentation to the external approval body. This body will only grant the certificate when we can convincingly prove that the quality of our evaluation work is commensurate to what the standard requires.
  
  We work with a large variety of customers and several approval bodies. This means that each evaluation is unique and requires flexibility, the ability to communicate with several stakeholders and the ability to observe situations and dilemmas from different perspectives.
  To grasp the complexity of the CC evaluation methodology and the delicate balance between all involved parties, you will be assigned to a trainer. Gradually you will be introduced to different concepts of the CC with a hands-on training program that will allow you to work on real projects. Through the training you will increasingly gain responsibilities.
  Qualifications
  

  We are looking for people with a critical mindset, who are not afraid to ask questions, proactive and assertive. We consider a flexible attitude, the ability to understand different perspectives and the ability to convincingly present a sound argumentation to be necessary assets of a suitable candidate. Additionally, you must have a good command of the English language. Of course a BSc, MSc, PhD in a technical field is a necessary base to be successful in this field.
  

  For this position, experience in CC evaluation and knowledge of the CC standard are not required. However, willingness to learn and curiosity are vital. In our company, attitude is as important as technical background.