Canberra, ACT, Australia

Security and Systems Engineer

Job Description:

Only Australian citizens residing in Australia with Baseline Clearance should respond.

Lead security documentation efforts and risk assessment activities including:

o Develop, deliver, and maintain system security related documentation for the web platform, in machine-assessable formats (such as OSCAL SSP and CycloneDX SBOM) supporting automation where possible.

o Conduct system security threat modelling, risk assessments, Business Impact Analysis (BIA) and vulnerability analyses.

o Liaise with stakeholders to retain or attain authority to operate (ATO).

o Build, deploy, and maintain serverless capabilities predominantly hosted on AWS and Cloudflare, including:

o Build, deploy, and maintain a serverless Analytics API aligned with the intent of the Information Security Manual (ISM).

o Assist with building and maintaining data lakes and analytic serverless platforms.

o Develop, deliver, and maintain DevSecOps Continuous Integration and Continuous Delivery (CICD) pipelines, including all infrastructure managed via Infrastructure as Code (IaC) technologies.

o Build security automation into the web platform system, including supporting SOC activities.

o Demonstrated experience with security automation (including IR playbooks and security testing) and writing scripts for the processing of JSON, XML and YAML.

o Demonstrated strong experience building with AWS services including, but not limited to, Amazon S3, Amazon QuickSight, Amazon OpenSearch, Amazon API Gateway, and AWS Lambda.

o Demonstrated experience in developing serverless based APIs with strong security controls.

o Demonstrated experience with multiple Infrastructure as Code (IaC) technologies such as Cloud Development Kit for Terraform (CDKTF), AWS Cloud Development Kit (AWS CDK) and AWS CloudFormation.