Must have a Baseline clearance.
Evaluation Criteria 1
Indicative duties include, but are not limited to:
o Lead security documentation efforts and risk assessment activities including:
o Develop, deliver, and maintain system security related documentation for the web
platform, in machine-assessable formats (such as OSCAL SSP and CycloneDX
SBOM) supporting automation where possible.
o Conduct system security threat modelling, risk assessments, Business Impact
Analysis (BIA) and vulnerability analyses.
o Liaise with stakeholders to retain or attain authority to operate.
o Build, deploy, and maintain serverless capabilities predominantly hosted on AWS and
Cloudflare, including:
o Build, deploy, and maintain serverless Analytics API aligned with the intent of the
Information Security Manual (ISM).
o Assist with building and maintaining data lakes and analytic serverless platforms.
o Develop, deliver, and maintain DevSecOps Continuous Integration and
Continuous Delivery (CICD) pipelines, including all infrastructure managed via
Infrastructure as Code (IaC) technologies.
o Build security automation into the web platform system, including supporting SOC
activities.
o Provide reports on accomplishments, incidents, and problems.
o Assist with other aspects of the workload as required.
Evaluation Criteria 2
Key knowledge, skills or experience areas include:
o Demonstrated strong experience in undertaking complex security risk modelling and
completing security documentation for Australian Government cloud-based systems.
o Demonstrated experience with security automation (including IR playbooks and security
testing) and writing scripts for the processing of JSON, XML and YAML.
o Demonstrated strong experience building with AWS services including, but not limited to:
Amazon S3, Amazon QuickSight, Amazon OpenSearch, Amazon API Gateway, and
AWS Lambda.
o Demonstrated experience in developing serverless-based APIs with strong security
controls.
o Demonstrated experience with multiple Infrastructure as Code (IaC) technologies such
as Cloud Development Kit for Terraform (CDKTF), AWS Cloud Development Kit (AWS
CDK) and AWS CloudFormation.
o Ability to work collaboratively within a team and with stakeholders.
o Ability to make decisions transparently and collaboratively.
o Ability to communicate effectively and with influence.
o Ensures closure and delivers on intended results.
o Steers and implements change and deals with uncertainty.