Australian Citizens with NV2 Clearance are preferred for this role.
Key Requirements:
* 5+ years of experience designing, implementing, and supporting identity solutions in large-scale, geographically dispersed, and security-hardened on-premise environments operating in low-bandwidth and disconnected states;
* Experience designing, implementing, or supporting identity systems, including Quest One Identity Manager, Quest Active Roles, NetIQ Identity, ForgeRock, or similar technologies;
* Detailed knowledge or experience in Identity Federation;
* Experience implementing or supporting Identity Federation systems, including Microsoft Active Directory Federation Services, Ping Identity Federation, or similar federation technologies;
* Experience implementing and/or troubleshooting authentication protocols such as Kerberos, SAML, OpenID Connect, and OAuth;
* Detailed knowledge and/or experience in Identity and Access Management and supporting technologies;
* Detailed knowledge and/or experience in Privileged Access Management;
* Detailed knowledge and/or experience with Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC);
* Detailed knowledge or experience with cryptography and PKI services from a systems integration perspective;
* 5+ years of experience working with Windows operating systems and middle-tier application services, with a focus on pervasive security;
* Detailed knowledge or experience of Attribute-Based Access Control (ABAC) and how it relates to RBAC;
* 5+ years of experience implementing and supporting Microsoft Active Directory Domains and Forests;
* 5+ years of experience designing, supporting, or implementing Microsoft Group Policy and Security hardening;
* Experience implementing and operating Microsoft Certificate Services or similar PKI technologies;
* Experience implementing or supporting hardware security modules (HSM);
* Ability to take requirements, standards, and frameworks and apply them in a practical application to future proposed solution designs and systems;
* Strong communication, interpersonal, and negotiation skills with demonstrable experience of presentation and engagement with stakeholders, projects, and business areas;
Responsibilities:
* Ability to rapidly build, automate, and deliver proof-of-concept systems to support analysis, testing, accreditation, and development activities within a DevSecOps framework;
* Ability to adapt quickly to changing requirements in a fast-paced, highly kinetic environment to meet changing deadlines and deliverables;
* Ability to work under broad direction with a high level of autonomy;
* Experience developing highly available/fault-tolerant systems, networks, and infrastructure in a connected, partially connected, degraded, or often disconnected state.
Desirable Skills and Experience:
* Detailed knowledge or experience in Multi-Factor Authentication and Zero Trust Architecture methodologies;
* Experience with Privileged Access Management technologies such as Delinea Secret Server or CyberArk;
* Sound knowledge in areas including infrastructure, systems engineering, networking, middleware applications, and system integration design;
* Experience designing, configuring, implementing, and supporting self-service password reset infrastructure;
* Experience writing and reviewing technical documentation, ranging from High-Level Designs (HLD), down to Standard Operating Procedures (SOP);
* Understanding of credentials, authentication, and authorization principles and design alternatives;
* Understanding of ABAC and how it compares to RBAC;
Knowledge of Security Attacks that Apply to ICAM:
* Familiarity with federation principles including NIST 800-63-3 and federation options between organizations;
* Design, implementation, and configuration skills for Microsoft Infrastructure technologies and enabling services;
* Detailed knowledge and experience in Active Directory Role-based Access and Management technologies and processes;
* Detailed knowledge and experience of Identity Federation technologies, approaches, and application integration with federation technologies;
* Sound knowledge of Infrastructure services, including As-A-Service and Software Defined principles;
* Knowledge of secure identity service integration with Infrastructure and related service interfaces, including Privileged Access Management;
* Previous experience in a Technical Architect and/or Senior Operational Support role;
* 5+ years of experience in configuring, building, and supporting multi-vendor geographically dispersed solutions;
* 5+ years designing, configuring, implementing, and supporting secure infrastructure systems, including varying levels of required security, caveats, and controls.