Security Analyst

**Open To: Australian Citizens with Baseline Clearance**

**Location: Cnberra Act**

We are seeking an experienced Security Software Developer to join our team. The team is responsible for providing a wide range of digital services to support the business and operating environment of the department. These roles represent an exciting opportunity for technical writer to join one of our multidisciplinary teams.

We are seeking a Security Software Developer with proven experience with technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.

**Key responsibilities include but not limited to**:

- Software development experience using languages and frameworks such as C#,.Net, HTML5.0, CSS, and JavaScript.
- Demonstrated experience working with Azure Cloud system, Azure AD, APIM, and Azure B2C.
- Detailed understanding of ACSC Information Security Manual (ISM) or similar security standards and frameworks and their implications at the architecture level and produce necessary security artifacts.
- Identify and set strategies to improve security practices when it comes to software programming amongst colleagues within the organisation.
- Perform ongoing security testing and code review to improve software security.
- Responding to, and documenting, any security threats, resolving technical faults, and delivering real solutions in a cost-effective way.
- Understanding of security threat vectors and intelligence.
- Identifying current and emerging technology issues including security trends, vulnerabilities, and threats.
- Conducting proactive research to analyse security weaknesses and recommend appropriate

**Essential criteria**
- Proven self-management skills including:

- working as a productive member of a team using agile methods
- strong time management and self-organisation skills and the ability to manage concurrent tasks with competing priorities
- ability to adapt to and accommodate change at both the project and solution level.
- Demonstrated a minimum of 5 years of experience in delivering complex ICT Systems in Azure Cloud, including:

- Understanding of security architecture for IAM/PAM Azure AD
- APIM
- Azure B2C
- Azure CI/CD pipelines
- Experience working with developing, configuring and debugging Identity Providers protocols; OpenID/Connect, OAuth2.0, WS-Fed, and SAML
- Configuring ADFS and relying party trusts, claims provider trusts, and attribute stores.
- Windows security, including domain users and groups, certificates and certificate stores, Kerberos and NTLM.
- Responsible for setting appropriate strategies to improve the security practices when it comes to programming amongst colleagues within the organisation, ensuring today’s mistakes are not repeated in the future.
- Responsible for performing on-going security testing and code review to improve software security, and documenting, any security threats, resolve technical faults and deliver real solutions in a cost-effective way.
- Detailed understanding of ACSC Information Security Manual (ISM) or similar security standards and frameworks and their implications at architecture level and produce necessary security artefacts. Identifying current and emerging technology issues including security trends, vulnerabilities and threats.

**1**

**Desirable criteria**
- Understanding the business context of the Department of Employment and Workplace Relations environment.

Demonstrated knowledge of, and experience in:

- Vulnerability Management, Network, SOC/SIEM Platform
- understanding of security threat vectors and intelligence
- Demonstrated knowledge and experience using Australian whole of government authentication services such as VFAS, myGov and TDIF (Digital Identity).