Address Negative Vetting 2 (NV2) is required. Candidates with NV1 would be considered on the condition that they have completed and submitted a security pack (NV1 to NV2 upgrade) to the Australian Government Security Vetting Agency (AGSVA) prior to commencement.
SFIA Level – SINT Level 6
The Identity Specialist will be required to perform and/or have responsibility for duties including, but not limited to:
Identify, develop and evaluate technical concepts and capabilities against functional and non-functional requirements.
Translate system specifications (functional, performance) and requirements (functional, processual, procedural, security) into technical solutions that align with architectural design principles.
Facilitate the design, build, development and transition of secure technical solutions aligned with best practice and relevant governance and security principles and frameworks.
Provide operational support to the project team for respective technologies
Conduct security requirement analysis and development to achieve certification and accreditation of solutions as per relevant policies and frameworks
Author, review, maintain and contribute to Solution Designs, Standard Operating Procedures, As-Built-As-Configured and other required documentation artefacts.
Collaborate with vendor/supplier specialists to provide solutions and optimise designs to achieve expected outcomes. It is expected that the candidate may not be familiar with certain technologies or products, but will be able to gain a working knowledge rapidly based on their prior knowledge and experience.
Internal stakeholder collaboration, including participating in project meetings, workshops, informational sessions, training, requirements gathering, use case analysis, or other related activities.
Contribute to the development of system integration policies, standards and practices.
Conduct and support Validation and Verification (V&V) activities
Support and/or undertake internal assessments of the Enterprise and Expeditionary ADF environments.
Identification and assessment of technical risks; collaborate with project stakeholders to inform and provide mitigation options and caveats.
Report to the Technical Lead in relation to status of activities, identified risks and task completion at a high enough level to allow upward communication through the organisation chain of command.
Required Skills and Experience:
5+ years’ experience designing, implementing and supporting identity solutions in large scale, geographically dispersed and security-hardened on-premise environments which operate in low-bandwidth and disconnected states;
Experience designing, implementing, or supporting/operating identity systems, including Quest One Identity Manager, Quest Active Roles, NetIQ Identity, ForgeRock, or similar technologies
Detailed knowledge or experience in Identity Federation
Experience implementing or supporting Identity Federation systems, including Microsoft Active Directory Federation Services, Ping Identity Federation, or similar federation technologies
Experience implementing and/or troubleshooting authentication protocols such as Kerberos, SAML, OpenID Connect, and OAuth.
Detailed knowledge and/or experience in Identity and Access Management and supporting technologies.
Detailed knowledge and/or experience in Privilege Access Management
Detailed knowledge and/or experience with Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC)
Detailed knowledge or experience with cryptography and PKI services from a systems integration perspective
5+ years of experience working with Windows operating systems and middle tier application services, with a focus on pervasive security
Detailed knowledge or experience of Attribute Based Access Control (ABAC) and how it relates to RBAC
5+ years of experience implementing and supporting Microsoft Active Directory Domains and Forests
5+ years of experience designing, supporting, or implementing Microsoft Group Policy and Security hardening
Experience implementing and operating Microsoft Certificate Services or similar PKI technologies
Experience implementing or supporting hardware security modules (HSM)
Ability to take requirements, standards and frameworks and apply in a practical application to future proposed solution designs and systems
Strong communication, interpersonal and negotiation skills with demonstrable experience of presentation and engagement with stakeholders, projects and business areas
Ability to rapidly build, automate and deliver proof of concept systems to support analysis, testing, accreditation and development activities within a DevSecOps framework
Ability to adapt quickly to changing requirements in a fast paced highly kinetic environment to meet changing deadlines and deliverables
Ability to work under broad direction with a high level of autonomy
Experience developing highly available/fault tolerant systems, networks and infrastructure in a connected, partially connected, degraded or often disconnected state.
Desirable Skills and Experience
Detailed knowledge or experience in Multi-Factor Authentication and Zero Trust Architecture methodologies
Experience with Privileged Access Management technologies such as Delinea Secret Server or CyberArk.
Sound knowledge in areas including infrastructure, systems engineering, networking, middleware applications and system integration design
Experience designing, configuring, implementing, and supporting self-service password reset infrastructure.
Experience writing and reviewing technical documentation, ranging from High Level Designs (HLD), down to Standard Operating Procedures (SOP)
Understanding of credentials, authentication and authorisation principles and design alternatives
Understanding of ABAC and how it compares to RBAC
Knowledge of security attacks that apply to ICA
Familiarity with federation principles including NIST 800-63-3 and federation options between organisations
Design, Implementation and configuration skills for Microsoft Infrastructure technologies and enabling services
Detailed knowledge and experience in Active Directory Role based Access and Management technologies and processes
Detailed knowledge and experience of Identity Federation technologies, approaches and application integration with federation technologies
Sound knowledge of Infrastructure services, including As-A-Service and Software Defined principles
Knowledge of secure identity service integration with Infrastructure and related service interfaces, including Privileged Access Management
Previous experience in a Technical Architect and/or Senior Operational Support role
5+ years of experience in configuring, building and supporting multi-vendor geographically dispersed solutions
5+ years designing, configuring, implementing and supporting secure infrastructure systems, including varying levels of required security, caveats and controls
Experience with governance frameworks in relation to infrastructure service and security delivery including required subsystems, i.e.: Australia Information Security Manual (ISM)
Experience and knowledge in applying cyber-security controls and practices aligned to zero-trust architecture principles
