We are looking for a results-oriented, energetic Cyber Security Engineer – DevSecOps, who will be responsible for architecting and implementing DevSecOps pipelines, including legacy software product migration strategies. The position provides secure development engineering advice, guidance, and assurance for projects both on-premises and in the cloud.
Key Responsibilities
- Designing and implementing robust security architectures for digital systems, ensuring the confidentiality, integrity, and availability of data.
- Identifying and mitigating potential security threats through in-depth analysis of intrusion attempts, proactive threat research, and the implementation of countermeasures.
- Developing and refining incident response processes to ensure swift and effective action in the event of security incidents, minimising impact and downtime.
- Scrutinising code bases to eliminate common coding vulnerabilities, ensuring secure application development and deployment.
- Deploying and managing advanced security tools to systematically identify and resolve security issues across a spectrum of systems and applications.
- Ensuring adherence to industry-specific compliance standards and regulations in all security initiatives.
- Minimum 3 years of hands-on experience in Cyber Security, showcasing a deep understanding of Security Engineering principles, cyber threats, and associated risks.
- Proficient knowledge of relevant information security frameworks and standards, including ACSC ISM, ISO27001/2, NIST 800-53, NIST CSF, and other NIST best practices within the sector.
- Demonstrated expertise in evaluating current and emerging technologies, assessing their relevance, potential value, and associated risks for the organisation.
- Preferable experience in both Windows and Linux environments, providing a comprehensive skill set.
- Exceptional presentation, analytical, and interpersonal skills with meticulous attention to detail.
- Proven ability to view existing processes and procedures as opportunities for enhancement, tuning, and improvement.
- Highly desirable qualification: IRAP (Information Security Registered Assessor Program), emphasising a commitment to excellence in information security practices.
- Hands-on experience with Cloud Technologies in various environments.
- Proficient in Secure Development Lifecycle Principles, with demonstrated expertise in software security frameworks, requirements, and threat analysis, including OWASP tools and strategies.
- Proven ability to drive a shift-left approach to security and work in DevSecOps environments.
- Expertise in architecting and implementing DevSecOps pipelines, including legacy software product migration strategies.
- Experienced in securing REST APIs, microservices, and cloud-native applications, with a solid understanding of Azure, OpenShift, or AWS—relevant cloud certifications are a plus.
- Familiarity with container deployment, orchestration, and management technologies, including Docker and Kubernetes.
- Knowledgeable about modern web and mobile application frameworks and their security requirements.
- Proficient in Threat Modelling techniques and automated testing frameworks for API, UI, and Product Security.
- Up-to-date knowledge and hands-on application of current and emerging software development practices.
- Extensive experience in code review, recognising code smells and implementing DevSecOps tooling such as SAST, DAST, RASP, RAST (e.g., IBM AppScan, Veracode, Snyk, Coverity, SonarQube, Twistlock).
- Proficient in GitHub, GitHub Actions, and GitHub workflow.
- Strong scripting skills (Python, Bash, Golang, PowerShell) for building automation tools within pipelines.
- Proficiency in one or more programming languages, with a preference for C#/.NET, JavaScript, React, PowerShell, Bash, and Python (3-5 years).
APPLY NOW! Attach your resume in WORD format and we will contact you should your skills be deemed suited.
Australian Permanent Residents or Citizens are eligible to apply.
Thank you, Torch Professional Services appreciates your interest.
Additional information
- Are you excellent in architecting and implementing DevSecOps pipelines?
- Established government organisation
- Best in class remuneration