NIST FIPS Expert, Senior

The Challenge:

Booz Allen is seeking an Information Security Risk Engineer to work on the development of embedded code for the Digital Soldier to support the warfighter and to allow better autonomy while increasing their ability to communicate within an operational space. Digital Soldier Technologies was created to allow the warfighter to seamlessly communicate across various devices in an untethered, wireless, secure manner with enhanced technologies. The U.S. Army is focused on unburdening, improving the maneuverability of, and reducing the logistic footprint for the dismounted soldier performing Small Unit Operations, including the ability to better access and share situational awareness and Intelligence, Surveillance and Reconnaissance (ISR) information to reduce operational surprise. These solutions will be required to operate while the soldier is mounted or dismounted and function across a broad spectrum of Army operations at the tactical edge of the battlefield.

Digital Soldier systems will enable secure seamless connectivity between sub-system components, including the End User Device (EUD), Helmet Mounted Display (HMD), Enhanced Night Vision Goggle - Binocular (ENVG-B), radio, headset, radio push-to-talk (PTT) switch, and various body-worn bio-sensors across the soldier’s body. The overall vision is to develop this technology to the point that other U.S. Army and Department of Defense (DoD) programs and systems could leverage the capability to allow for wireless communication amongst different components using a variety of industry standard interfaces.

The Information Security Risk Engineer shall perform Federal Information Processing Standards (FIPS) 140-2 and 140-3 testing, using a variety of tools. Lead the assessment of requirements, run various testing tools, interpret results, minimize false positives, document results in formal reports, and represent our validation teams in front of clients and government oversight bodies. Lead FIPS 140 tasks or full validations and perform as the direct point of contact with our commercial clients to ensure we are delivering our IT certification services to client expectations. Communicate and justify findings with clients and reviewers. Provide FIPS 140 guidance, testing and documentation creation to a development team designing cryptographic modules for military applications. Provide training, assign tasking, and review work performed by junior staff. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.

Empower change with us.

You Have:

  • 2+ years of experience with Federal Information Processing Standards (FIPS) 140-2 and 140-3 validations at Overall Levels 1 and 2
  • Experience with multiple FIPS 140-2 or FIPS 140-3 validations, having performed the validation activities multiple times for different levels and module embodiments
  • Experience with Cryptik or Web Cryptik, and NIST Entropy Calculator tools
  • Experience with algorithm testing under Automated Cryptographic Validation Testing System (ACVTS) or Cryptographic Algorithm Validation System (CAVS)
  • Knowledge of NIST Special Publications and FIPS PUBS regarding algorithms, modes, DRBGs, and entropy
  • Ability to obtain a security clearance
  • Bachelor's degree
  • FIPS 140-3 Cryptographic Validation Program (CVP) Certification

Nice If You Have:

  • Experience with compilers and debuggers
  • Experience with training and leading junior staff
  • Experience with certification standards, including Common Criteria, DODIN APL, or FedRAMP
  • Knowledge of programming or scripting languages
  • Possession of excellent oral and written communication skills
  • Secret clearance
  • BS degree in CE, CS, Math, Cryptography, Information Security or Information Sciences and Technology


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

The proposed salary range for this position in Colorado is $90,000 to $120,000. Final salary will be determined based on various factors.

At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

  • Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.
  • Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and funding to advance your skills.
  • Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.
  • Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.
  • Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
