 Each team member will be responsible to conduct security compliance analysis or testing of operational, management, and technical controls for IT products, including COTS and GOTS, networks, and systems such as network Routers, Switches, Software Modules and Wireless Controllers and Access Points which may include:Perform FIPS 140 validation testing on active Cryptographic Security Testing Laboratory testing projects for submission to the Cryptographic Module Validation Program (CMVP)Perform testing on algorithm implementations to obtain required algorithm certificates from the Cryptographic Algorithm Validation Program (CAVP)Develop test plans and procedures using applicable security control catalog, including FIPS 140, DCID 6/3, DoD 8500, or NIST SP 800-53Perform vulnerability analysis of product or system designs against applicable security criteria using common tools, including Nessus, NMAP, and WireSharkAuthor security testing reports to detail the findings noted during testingDevelop mitigation strategies to address vulnerabilities uncovered during security testingAssist with completing security documentation to meet certification and authorization requirements, as requiredTake and pass the Cryptographic Validation Program (CVP) examCommunicate with fellow team members, vendors, and oversight bodies (CMVP, CAVP) regarding findings
