Address
Salary24 MTH Contract with Federal Government Department for Security DevOps Consultant (SecDevOps)Can be based in Canberra ACT, Melbourne Victoria or Launceston Tasmania.Scope for lots of WFH / Remote / HybridTEAM AND ROLE OVERVIEWThis team maintain the Information Communication and Technology infrastructure for the Fed Gov department, and provide strategic leadership, governance, solutions, and advice for the effective management of information.
The Cybersecurity and Assurance Team supports this through provision of ICT related Governance Risk and Compliance activities. Thes include cybersecurity services, information management services, audit coordination, risk assessments and policy and procedure development, along with other related functions.The purpose of this role is to work with the Cybersecurity and Assurance Manager and other stakeholders to integrate security controls to applications development framework. Controls will be aligned with the Australian Government Information Security Manual (ISM) and will be targeted to achieve an agreed level of maturity against the Open Web Application Security Projects, Software Assurance Maturity Model. (OWASP SAMM)KEY RESPONSIBILITIES
- Drive the development of a list of prioritised activities that will implement an agreed set of controls, work practices, resources, etc. that will ensure compliance with ISM controls and achieve the agreed maturity level under the SAMM
- Working with stakeholders to deliver those activities, establishing new practices, tools, procedures, etc.
- Monitor and advise on workflows to ensure the agreed maturity can be maintained and that all documentation is correct, tuning, updating or revising as necessary until the security practices are fully embedded.
- Follow instructions from the Chief Information Officer and the Cybersecurity and Assurance Manager, but not hesitate to speak up about issues or concerns and to provide relevant, reasonable and competent advice as needed, whether it is asked for or not.
- Significant experience with security tools, methods and documentation relevant to a DevSecOps workflow (5+ years).
- Demonstrated understanding of the OWASP SAMM.
- Excellent communications skills, including the ability to negotiate outcomes amongst a diverse group of stakeholders and to write well.
- Desirable – demonstrated understanding of the Information Security Manual
