- Junior Security Architect
- DevSecOps background
- 12 months Initial
The Role –
DevSecOps Engineer, 12 month initial
- An experienced Junior Security Architect who has hands on Penetration Testing, DevSecOps experience ( 3 - 4 Years).
- MUST have qualifications in cyber security and preferable experience working as a junior security architect within large banks.
The candidate will perform the following functions as an individual assignment:
• Review solution designs & provide security solutions to ensure alignment to InfoSec standards, policies and organizational risk appetite.
o Applying up-to-date knowledge of threat modeling, risk assessment techniques, code & config reviews and current best practices treat & counter cybersecurity threats
• Responsible for securing hybrid cloud infrastructure & application deployment
• Identify & remediate gaps in DevOps processes
o Be involved in every stage in the software project lifecycle, from initial design and build to rollout and maintenance
o Experience with CI/CD tools, such as Jenkins, GitLab CI/CD, CircleCI, Puppet etc
o Experience Docker and Kubernetes etc.
o Ensure reduction in security-related build time delays.
• Review efficacy of security controls and treat findings.
• Ensure information systems are under appropriate control from an information security point of view including maintaining compliance with PCI-DSS, ISO 27001, NSW & Australian Government standards.
• Ensure alignment to security guard rails.
• Collaborate with, and provide guidance to, service providers / internal teams to ensure timely and effective delivery of security services and outcomes.
• Assist in delivery of tactical and strategic security and risks management programs.
• Represent the Security and Risk team within the organization, its service providers and related parties.
• Assist in the development of security policy, standards and processes
• Manage the dependencies and the interfaces between projects
• Implement program and project governance arrangements
• Assist with development of security program strategy
• Monitor and respond to issues at the project and program level as needed
• Escalate decisions to sponsor and/or program advisory board as necessary
• Manage relationships with internal and external stakeholders, including vendors, with respect to Program delivery
• Control of documentation quality including program health checks when needed
• Provide input into individual project content and provide advice and mentoring as required
The Person –
- Demonstrable and comprehensive experience in stakeholder management involving stakeholders at all levels of the organisation
- Strong understanding of full system life cycle, its typical phases, the deliverable within the phases
- Understanding of process improvement methodologies, related concepts, and frameworks
- Outstanding ability to analyse, isolate and interpret business needs and develop appropriate requirements specifications