About NSS Labs, Inc.
NSS Labs, Inc. is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. Our mission is to advance transparency and accountability within the cybersecurity industry. We empower enterprises by providing them with timely, relevant information on which to base their decisions. Our unmatched foundation in security testing, along with our extensive research and global threat analysis capabilities, provide the basis for NSS Labs’ Cloud Platform for Continuous Security Validation. This cloud platform measures the ongoing effectiveness of security controls, providing a real-time score card to help business leaders substantiate their securityinvestments. Businesses can also leverage the threat data delivered by this cloud platform to strengthen their cyberrisk posture and mitigate threats to their operating systems and applications. CISOs, Chief Security Architects, SOC and Threat Analysts, and information security professionals from many of the world's largest and most demanding enterprises rely on trusted insights from NSS Labs. For more information, visit www.nsslabs.com.
NSS Labs is seeking a Senior Test Engineer in Austin, Texas to interact directly with vendors to generate, analyze, and document performance and security metrics for many different security products. This position works closely with many functions within the company to develop new tests, build out and maintain new test environments, and execute and maintain existing tests. As the expert responsible for testing a security technology from harness concept through to operation and maintenance, this individual will support the objective, scientific, fact-based approach to testing enterprise security technologies that the market has grown to respect and depend on.
- Development of test methodology and test cases that assess the efficacy of a security technology as it pertains to enterprise use cases.
- Build out test environments, including installation of systems and products.
- Conducting and/or overseeing on-site and remote vendor engagements.
- Adherence to all test Standard Operating Procedures (SOP) including, but not limited to, test development best practices, test development workbook completion, scorecard development and engagement notes capture.
- Participate in the creation of thought leadership pieces (delivered as webinars or research papers) that assist enterprises in their decision making.
- Communicate findings to both technical and non-technical audiences.
- Engage with and support enterprise clients to ensure the use cases and testing represent the challenges faced in product deployment.
Required Skills and Experiences:
- Expertise with one or more of our core Technology Areas: Security Event Management, Content Protection (DLP, Encryption, Access Control), Endpoint Security typically obtained in 3-5 years.
- 3+ years of hands-on experience with security technology, whether network, endpoint, or operational forensics.
- Expert troubleshooting skills in MS Windows and Unix/Linux environments.
- Expert TCP/IP networking, networking architectures, and troubleshooting skills, including IPv6.
- Knowledge of RFC standards, specifically RFC 2544 and RFC 5180, and how they apply to networked devices.
- Packet analysis and network protocol dissection skills, using tools such as Wireshark/Ethereal.
- Good knowledge of network device performance testing.
- Good knowledge of networksecurity device design.
- Hands-on experience configuring server hardware and deployment of MS Windows and Linux operating systems.
- MS Windows and Linux network administration experience.
- Awareness of SDLC and quality assurance and how these relate to product testing.
- Strong English verbal and written communication skills.
- Professional presentation and communication skills.
- Comfortable working with third-party vendors.
- Software development background.
- Good understanding of security software testing.
- Scripting experience in Powershell, Python, Java, VBScript, Perl, Ruby, etc.
- Experience with network and security performance testing equipment, both hardware and software (e.g., BreakingPoint and other Ixia products, Spirent/Mu Dynamics, Tomahawk, etc.).
- Knowledge of regulatory compliance: GLBA, SOX, PCI, HIPAA and Assessment Services a plus.
- CISSP or other professional certifications.