Security and Systems Engineer - DM-18440


The Client is a statutory agency in the Defence portfolio that defends Australia against global threats and advances our national interests through the provision of foreign signals intelligence, cyber security and offensive cyber operations as directed by the Australian Government.

They require a Security and Systems Engineer to assist in the development and uplift of web platforms.

Indicative duties include, but are not limited to:

  • Lead security documentation efforts and risk assessment activities, including:
      • Develop, deliver, and maintain system security related documentation for the web platform, in machine-assessable formats (such as OSCAL SSP and CycloneDX SBOM) supporting automation where possible.
      • Conduct system security threat modelling, risk assessments, Business Impact Analysis (BIA) and vulnerability analyses.
      • Liaise with stakeholders to retain or attain authority to operate (ATO).
  • Build, deploy, and maintain serverless capabilities predominantly hosted on AWS and Cloudflare, including:
      • Build, deploy, and maintain serverless Analytics API aligned with the intent of the Information Security Manual (ISM).
      • Assist with building and maintaining data lakes and analytic serverless platforms.
      • Develop, deliver, and maintain DevSecOps Continuous Integration and Continuous Delivery (CICD) pipelines, including all infrastructure managed via Infrastructure as Code (IaC) technologies.
  • Build security automation into the web platform system, including supporting SOC activities.
  • Provide reports on accomplishments, incidents, and problems.
  • Assist with other aspects of the section’s workload as required.

All contracted staff must hold an Australian Government issued security clearance at the level required for the role they are engaged to perform prior to commencement with the Client.

An OSA is an ASD policy requirement (ASD-POL-014) for contractors who will be engaged for a period in excess of 12 months. OSAs are conducted to determine a person’s suitability to work in ASD. Before submitting an application for this role, the candidate should consider their preparedness for questions that may include the following topics: personal relationships, living circumstances, personal values, financial situation, physical and mental health history including substance use, and any civil and/or military record.

Estimated start date: Monday, 26 June 2023

Initial contract duration: 12 months

Extension term: 12 months

Number of extensions: 2

Location of work: ACT, NSW, NT, QLD, SA, TAS, VIC, WA, Offsite

Working arrangements

There is an expectation that the successful candidate will work 5 days per week and up to a maximum of 40 hours per week unless pre-approved by the ASD Contract Manager.

  • The role is Canberra based; however, interstate candidates are encouraged to apply and will be considered. The Agency will consider and negotiate offsite (work from anywhere) working arrangements on a case-by-case basis. Where an offsite working arrangement is agreed, successful candidates will be required to:
      • Attend the Agency’s Canberra Office for the first week of their engagement to undertake compulsory training and to meet team members and various Agency personnel.
      • Travel to Canberra on an ad-hoc basis to meet operational requirements.
  • Where the candidate is interstate, please provide the candidate’s residential location (Suburb and State) in your response.

Security clearance: Must have Baseline


Essential criteria

1. Must outline the candidate’s ability to perform the indicative duties, and provide examples and experience to support this.

2. Must outline how the candidate possesses the key knowledge, skills and experience required to perform the role.

Key knowledge, skills or experience areas include:

  • Demonstrated strong experience in undertaking complex security risk modelling and completing security documentation for Australian Government cloud-based systems.
  • Demonstrated experience with security automation (including IR playbooks and security testing) and writing scripts for the processing of JSON, XML and YAML.
  • Demonstrated strong experience building with AWS services including, but not limited to: Amazon S3, Amazon QuickSight, Amazon OpenSearch, Amazon API Gateway, and AWS Lambda.
  • Demonstrated experience in developing serverless based APIs with strong security controls.
  • Demonstrated experience with multiple Infrastructure as Code (IaC) technologies such as Cloud Development Kit for Terraform (CDKTF), AWS Cloud Development Kit (AWS CDK) and AWS CloudFormation.
  • Ability to work collaboratively within a team and with stakeholders.
  • Ability to make decisions transparently and collaboratively.
  • Ability to communicate effectively and with influence.
  • Ensures closure and delivers on intended results.
  • Steers and implements change and deals with uncertainty.

Canberra, ACT
