Our federal government client is seeking an experienced Security DevOps Engineer to join their Cybersecurity and Assurance Team, which supports the provision of ICT-related Governance, Risk and Compliance activities.

The purpose of this role is to work with the Cybersecurity and Assurance Manager and other stakeholders to integrate security controls into the department's applications development framework. Controls will be aligned with the Australian Government Information Security Manual (ISM) and will be targeted to achieve an agreed level of maturity against the Open Web Application Security Project's Software Assurance Maturity Model (OWASP SAMM).

This is a new position at the department, responsible for the implementation of prioritised tasks to meet the recommended maturity level under the SAMM.

The key responsibilities for the role include:
- Drive the development of a list of prioritised activities that will implement an agreed set of controls, work practices, resources, etc. that will ensure compliance with ISM controls and achieve the agreed maturity level under the SAMM
- Work with stakeholders to deliver those activities, establishing new practices, tools, procedures, etc.
- Monitor and advise on workflows to ensure the agreed maturity can be maintained and that all documentation is correct, tuning, updating or revising as necessary until the security practices are fully embedded.
- Significant experience with security tools, methods and documentation relevant to a DevSecOps workflow (5+ years).
- Demonstrated understanding of the OWASP SAMM.
- Excellent communication skills, including the ability to negotiate outcomes amongst a diverse group of stakeholders and to write well.