SINT Level 6
Required Skills and Experience:
· 5+ years’ experience designing, implementing and supporting identity solutions in large scale, geographically dispersed and security-hardened on-premise environments which operate in low-bandwidth and disconnected states;
· Experience designing, implementing, or supporting/operating identity systems, including Quest One Identity Manager, Quest Active Roles, NetIQ Identity, ForgeRock, or similar technologies;
· Detailed knowledge or experience in Identity Federation;
· Experience implementing or supporting Identity Federation systems, including Microsoft Active Directory Federation Services, Ping Identity Federation, or similar federation technologies;
· Experience implementing and/or troubleshooting authentication protocols such as Kerberos, SAML, OpenID Connect, and OAuth.
· Detailed knowledge and/or experience in Identity and Access Management and supporting technologies.
· Detailed knowledge and/or experience in Privilege Access Management;
· Detailed knowledge and/or experience with Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC);
· Detailed knowledge or experience with cryptography and PKI services from a systems integration perspective;
· 5+ years of experience working with Windows operating systems and middle tier application services, with a focus on pervasive security;
· Detailed knowledge or experience of Attribute Based Access Control (ABAC) and how it relates to RBAC;
· 5+ years of experience implementing and supporting Microsoft Active Directory Domains and Forests;
· 5+ years of experience designing, supporting, or implementing Microsoft Group Policy and Security hardening;
· Experience implementing and operating Microsoft Certificate Services or similar PKI technologies;
· Experience implementing or supporting hardware security modules (HSM);
· Ability to take requirements, standards and frameworks and apply in a practical application to future proposed solution designs and systems;
· Strong communication, interpersonal and negotiation skills with demonstrable experience of presentation and engagement with stakeholders, projects and business areas;
· Ability to rapidly build, automate and deliver proof of concept systems to support analysis, testing, accreditation and development activities within a DevSecOps framework;
· Ability to adapt quickly to changing requirements in a fast paced highly kinetic environment to meet changing deadlines and deliverables;
· Ability to work under broad direction with a high level of autonomy; and,
· Experience developing highly available/fault tolerant systems, networks and infrastructure in a connected, partially connected, degraded or often disconnected state.
Desirable Skills and Experience
· Detailed knowledge or experience in Multi-Factor Authentication and Zero Trust Architecture methodologies;
· Experience with Privileged Access Management technologies such as Delinea Secret Server or CyberArk.
· Sound knowledge in areas including infrastructure, systems engineering, networking, middleware applications and system integration design;
· Experience designing, configuring, implementing, and supporting self-service password reset infrastructure.
· Experience writing and reviewing technical documentation, ranging from High Level Designs (HLD), down to Standard Operating Procedures (SOP);
· Understanding of credentials, authentication and authorisation principles and design alternatives;
· Understanding of ABAC and how it compares to RBAC;
· Knowledge of security attacks that apply to ICAM;
· Familiarity with federation principles including NIST 800-63-3 and federation options between organisations;
· Design, Implementation and configuration skills for Microsoft Infrastructure technologies and enabling services;
· Detailed knowledge and experience in Active Directory Role based Access and Management technologies and processes;
· Detailed knowledge and experience of Identity Federation technologies, approaches and application integration with federation technologies;
· Sound knowledge of Infrastructure services, including As-A-Service and Software Defined principles;
· Knowledge of secure identity service integration with Infrastructure and related service interfaces, including Privileged Access Management;
· Previous experience in a Technical Architect and/or Senior Operational Support role;
· 5+ years of experience in configuring, building and supporting multi-vendor geographically dispersed solutions;
· 5+ years designing, configuring, implementing and supporting secure infrastructure systems, including varying levels of required security, caveats and controls;
· Experience with governance frameworks in relation to infrastructure service and security delivery including required subsystems, i.e.: Australia Information Security Manual (ISM);
· Experience and knowledge in applying cyber-security controls and practices aligned to zero-trust architecture principles.
Negative Vetting 2 (NV2) is required. Candidates with NV1 would be considered on the condition that they have completed and submitted a security pack (NV1 to NV2 upgrade) to the Australian Government Security Vetting Agency (AGSVA) prior to commencement.