- Home-based in US or European time zones
Reports To: Engineering Manager for Security Certifications
Ubuntu is built with Security in mind from the ground up and keeps you protected against security vulnerabilities. Ubuntu helps organizations remain compliant to FIPS 140-2 and Common Criteria standards. You will use your applied cryptography, Linux and C coding skills to enhance the Ubuntu distribution to attain FIPS and Common Criteria certifications, and open up the Ubuntu distribution to new market sectors and industries. You will also work with DISA and CIS to help draft Ubuntu STIGs and Ubuntu CIS benchmarks. You will work with the team to develop automation tooling for making Ubuntu systems STIG and CIS benchmark compliant. Scripting skills (OVAL/bash/python) will be used to assist with tooling.
The successful candidate will collaborate with Canonical’s kernel and security teams to extend and enhance the Ubuntu distribution with the features necessary to achieve and retain FIPS and CC certification.
- Extend and enhance Linux cryptographic components, specifically with modules such as OpenSSL/OpenSSH with the features and functionality required for FIPS and CC certification
- Collaborate with external security consultants to test and validate kernel and crypto components, achieve and then retain FIPS and CC certification
- Work in partnership with the internal project manager to ensure delivery against project goals and milestones, identifying technical risks and mitigating them
- Contribute to Ubuntu mainline and upstream projects to land solutions and benefit the community
- Contribution to continuous integration infrastructure: automated testing and validation
- Self-discipline and self-motivation to perform day-to-day engineering activities and deliver to schedules in a globally distributed team
- Communication and collaboration within and outside Canonical to rapidly resolve issues and keep the project on track
Required Skills and Experience:
- Experience of working with open source libraries in general like OpenSSL, OpenSSH, libgcrypt etc.
- Knowledge of security benchmarks such as STIG and CIS benchmarks.
- Security Certification experience and knowledge in FIPS and/or CC
- Experience with patching and associated tooling: identifying, isolating, applying and testing patches, and resolving any resulting issues
- General Linux development skills (C proficiency, git experience, debugging with gdb)
- Experience with bash scripting and OVAL
Desired Skills and Experience
- Software packaging and maintenance experience, especially using Debian packaging
- Knowledge of and familiarity with low-level Linux cryptography APIs and debugging
- Familiarity with open source development tools and methodologies, especially those in common-use for development of the Linux ecosystem such as: Launchpad, IRC, and mailing-lists.