It Security Architect

The IT Security Architect will have the following responsibilities:

• Development of Security Architectural methods and frameworks in conjunction with relevant teams;
• Provide Security Architecture services for projects to provide security specific advice across a wide range of tech areas;
• Ensure the correct security measures and controls are in place and maintained in the lifecycle of the solution;
• Ensure that solutions adhere to security policies and standards;
• Support solutions development to ensure that solutions are secure by design;
• Assist with development of the Security Service Catalogue;
• Develop security artefacts for cloud environments;
• Assist in determining the baseline security configuration standards for systems (especially cloud-based);

• Work closely with selected security vendors.

Essential skills

• Five+ years of experience in an IT Security Architect or similar role developing and using Security Architecture methodologies;
• Demonstrated experience in securing on-prem and cloud implementations to PROTECTED standards for workloads and data;
• Demonstrated experience working with PROTECTED systems and in their integration with cloud services;
• Demonstrated performance of security design/architecture reviews, code reviews, and penetration tests of large applications, systems and/or networks;
• Detailed knowledge of OWASP Top 10 and associated mitigation strategies;
• Detailed understanding of design and security in web-based architectures including Single Page Applications and API-oriented architectures;
• Understanding of, and preferably experience in implementing Zero-Trust principles;
• Knowledge of securing on-prem and cloud infrastructure systems including Microsoft and Linux oriented architectures;
• Knowledge of security standards and frameworks such as PSPF, ISM, ISO 27000, NIST and SOC2;
• Proven track record and strong experience in security related technology design and implementation including domains such encryption, access and identity management, vulnerability management;
• Experience with Microsoft and AWS cloud solutions that includes the security controls offered within the relevant cloud context, and knowledge of third-party products that would contribute to the securing, governance and operations related to a Microsoft and/or AWS cloud environment;
• Experience overseeing remediation of vulnerabilities and defining security requirements and a proven track record of working with infrastructure and development teams to build secure solutions.

Desirable Skills

• Demonstrable experience of working in complex and diverse technology environments.
• Experience in providing Security Architecture services in an agile project environment desirable;
• Good knowledge of technology across applications, databases, operating systems, hypervisors, IP networks, storage networks and backups;
• Strong stakeholder engagement with internal and external experts and stakeholders to research and continuously improve cyber defence services.
• Experience in delivering and enhancing tools and processes to promote best practice amongst other cyber and risk teams across the agency.
• Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives;
• Excellent written and verbal communication skills, interpersonal and consultative skills, and the ability to communicate concepts to technical and non-technical audiences;
• High degree of initiative and ability to work with little supervision.