Identity Specialist
27th September, 2023




SFIA Level

SINT Level 6


Required Skills and Experience:


·       5+ years’ experience designing, implementing and supporting identity solutions in large-scale, geographically dispersed and security-hardened on-premises environments which operate in low-bandwidth and disconnected states;

·       Experience designing, implementing, or supporting/operating identity systems, including Quest One Identity Manager, Quest Active Roles, NetIQ Identity, ForgeRock, or similar technologies;

·       Detailed knowledge or experience in Identity Federation;

·       Experience implementing or supporting Identity Federation systems, including Microsoft Active Directory Federation Services, Ping Identity Federation, or similar federation technologies;

·       Experience implementing and/or troubleshooting authentication protocols such as Kerberos, SAML, OpenID Connect, and OAuth;

·       Detailed knowledge and/or experience in Identity and Access Management and supporting technologies;

·       Detailed knowledge and/or experience in Privileged Access Management;

·       Detailed knowledge and/or experience with Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC);

·       Detailed knowledge or experience with cryptography and PKI services from a systems integration perspective;

·       5+ years of experience working with Windows operating systems and middle tier application services, with a focus on pervasive security;

·       Detailed knowledge or experience of Attribute Based Access Control (ABAC) and how it relates to RBAC;

·       5+ years of experience implementing and supporting Microsoft Active Directory Domains and Forests;

·       5+ years of experience designing, supporting, or implementing Microsoft Group Policy and Security hardening;

·       Experience implementing and operating Microsoft Certificate Services or similar PKI technologies;

·       Experience implementing or supporting hardware security modules (HSM);

·       Ability to take requirements, standards and frameworks and apply in a practical application to future proposed solution designs and systems;

·       Strong communication, interpersonal and negotiation skills with demonstrable experience of presentation and engagement with stakeholders, projects and business areas;

·       Ability to rapidly build, automate and deliver proof of concept systems to support analysis, testing, accreditation and development activities within a DevSecOps framework;

·       Ability to adapt quickly to changing requirements in a fast-paced, highly kinetic environment to meet changing deadlines and deliverables;

·       Ability to work under broad direction with a high level of autonomy; and,

·       Experience developing highly available/fault tolerant systems, networks and infrastructure in a connected, partially connected, degraded or often disconnected state.


Desirable Skills and Experience

·       Detailed knowledge or experience in Multi-Factor Authentication and Zero Trust Architecture methodologies;

·       Experience with Privileged Access Management technologies such as Delinea Secret Server or CyberArk;

·       Sound knowledge in areas including infrastructure, systems engineering, networking, middleware applications and system integration design;

·       Experience designing, configuring, implementing, and supporting self-service password reset infrastructure;

·       Experience writing and reviewing technical documentation, ranging from High Level Designs (HLD), down to Standard Operating Procedures (SOP);

·       Understanding of credentials, authentication and authorisation principles and design alternatives;

·       Understanding of ABAC and how it compares to RBAC;

·       Knowledge of security attacks that apply to ICAM;

·       Familiarity with federation principles including NIST 800-63-3 and federation options between organisations;

·       Design, implementation and configuration skills for Microsoft Infrastructure technologies and enabling services;

·       Detailed knowledge and experience in Active Directory Role based Access and Management technologies and processes;

·       Detailed knowledge and experience of Identity Federation technologies, approaches and application integration with federation technologies;

·       Sound knowledge of Infrastructure services, including As-A-Service and Software Defined principles;

·       Knowledge of secure identity service integration with Infrastructure and related service interfaces, including Privileged Access Management;

·       Previous experience in a Technical Architect and/or Senior Operational Support role;

·       5+ years of experience in configuring, building and supporting multi-vendor geographically dispersed solutions;

·       5+ years designing, configuring, implementing and supporting secure infrastructure systems, including varying levels of required security, caveats and controls;

·       Experience with governance frameworks in relation to infrastructure service and security delivery including required subsystems, i.e. the Australian Information Security Manual (ISM);

·       Experience and knowledge in applying cyber-security controls and practices aligned to zero-trust architecture principles.



Security Clearance:

Negative Vetting 2 (NV2) is required. Candidates with NV1 would be considered on the condition that they have completed and submitted a security pack (NV1 to NV2 upgrade) to the Australian Government Security Vetting Agency (AGSVA) prior to commencement.



