Security Software Developer
16th November, 2022

Must have a Baseline clearance,

 

Essential criteria

1. Proven self-management skills including: • working as a productive member of a team using agile methods • strong time management and self-organisation skills and the ability to manage concurrent tasks with competing priorities and • ability to adapt to and accommodate change at both the project and solution level.
 

2. Demonstrated a minimum of 5 years of experience in delivering complex ICT Systems in Azure Cloud, including: • Understanding of security architecture for IAM/PAM • Azure AD • APIM • Azure B2C • Strategies to automate processes on Azure AD B2C, allowing on-boarding of API consumer applications. • Azure CI/CD pipelines
 

3. Experience working with developing, configuring and debugging Identity Providers protocols; OpenID/Connect, OAuth2.0, WS-Fed, and SAML • Configuring ADFS and relying party trusts, claims provider trusts, and attribute stores. • Windows security, including domain users and groups, certificates and certificate stores, Kerberos and NTLM.
 

4. Responsible for setting appropriate strategies to improve the security practices when it comes to programming amongst the colleagues within the organisation, ensuring today’s mistakes are not repeated in the future.
 

5. Responsible for performing on-going security testing and code review to improve software security, and documenting, any security threats, resolve technical faults and deliver real solutions in a cost-effective way.
 

6. Detailed understanding of ACSC Information Security Manual (ISM) or similar security standards and frameworks and their implications at architecture level and produce necessary security artefacts. Identifying current and emerging technology issues including security trends, vulnerabilities and threats.
 

Desirable criteria

1. Understanding the business context of the Department of Employment and Workplace Relations environment.

2. Demonstrated knowledge of, and experience in: • Vulnerability Management, Network, SOC/SIEM Platform • identifying and applying security controls to large scale, complex capabilities and • identifying and applying Cyber security technologies as risk controls (such as digital signature, public key infrastructure, virtual private networks, firewalls, intrusion detection, data encryption, etc). • understanding of security threat vectors and intelligence • knowledge of security systems including anti-virus applications, content filtering, firewalls, authentication systems and intrusion detection and notification systems.

3.
Demonstrated knowledge and experience using Australian whole of government authentication services such as VFAS, myGov and TDIF (Digital Identity).