Application closing date: Friday, 25 November 2022 • 11:59pm, Canberra time (in Canberra)
Estimated start date: Monday, 12 December 2022
Location of work: ACT
Length of contract: ASAP until Jun 2024
Contract extensions: 1x 12 months
Security clearance: Must have Baseline
Rates: $120 - $150 per hour (inc. super)
The Department of Employment and Workplace Relations is seeking experienced Security Software Developer to join our team. The team is responsible for providing a wide range of digital services to support the business and operating environment of the department. These roles represent an exciting opportunity for technical writer to join one of our multidisciplinary teams.
We are seeking a Security Software Developer with proven experience with technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
Key responsibilities including but not limited:
Demonstrated experience working with Azure Cloud system, Azure AD, APIM, and Azure B2C.
Detailed understanding of ACSC Information Security Manual (ISM) or similar security standards and frameworks and their implications at architecture level and produce necessary security artefacts.
Identify and set strategies to improve the security practices when it comes to software programming amongst the colleagues within the organisation.
Perform on-going security testing and code review to improve software security.
Responding to, and documenting, any security threats, resolve technical faults and deliver real solutions in a cost-effective way.
Understanding of security threat vectors and intelligence.
Identifying current and emerging technology issues including security trends, vulnerabilities and threats.
Conducting proactive research to analyse security weaknesses and recommend appropriate strategies
Proven self-management skills including: • working as a productive member of a team using agile methods • strong time management and self-organisation skills and the ability to manage concurrent tasks with competing priorities and • ability to adapt to and accommodate change at both the project and solution level.
Demonstrated a minimum of 5 years of experience in delivering complex ICT Systems in Azure Cloud, including: • Understanding of security architecture for IAM/PAM • Azure AD • APIM • Azure B2C • Strategies to automate processes on Azure AD B2C, allowing on-boarding of API consumer applications. • Azure CI/CD pipelines
Experience working with developing, configuring and debugging Identity Providers protocols; OpenID/Connect, OAuth2.0, WS-Fed, and SAML • Configuring ADFS and relying party trusts, claims provider trusts, and attribute stores. • Windows security, including domain users and groups, certificates and certificate stores, Kerberos and NTLM.
Responsible for setting appropriate strategies to improve the security practices when it comes to programming amongst the colleagues within the organisation, ensuring today’s mistakes are not repeated in the future.
Responsible for performing on-going security testing and code review to improve software security, and documenting, any security threats, resolve technical faults and deliver real solutions in a cost-effective way.
Detailed understanding of ACSC Information Security Manual (ISM) or similar security standards and frameworks and their implications at architecture level and produce necessary security artefacts. Identifying current and emerging technology issues including security trends, vulnerabilities and threats.
Understanding the business context of the Department of Employment and Workplace Relations environment.
Demonstrated knowledge of, and experience in: • Vulnerability Management, Network, SOC/SIEM Platform • identifying and applying security controls to large scale, complex capabilities and • identifying and applying Cyber security technologies as risk controls (such as digital signature, public key infrastructure, virtual private networks, firewalls, intrusion detection, data encryption, etc). • understanding of security threat vectors and intelligence • knowledge of security systems including anti-virus applications, content filtering, firewalls, authentication systems and intrusion detection and notification systems.
Demonstrated knowledge and experience using Australian whole of government authentication services such as VFAS, myGov and TDIF (Digital Identity).