Job Description
Remote is seeking a Senior Security Architect to join the team in ASD. The Senior Security Architect will design, review, test and assure the technical environment, solution designs and solution implementations in accordance with current and emerging security best practice, and contribute to the technical architecture and security policies and practices. (LH-06026)
Role Description
Key duties and responsibilities
- Develop security architectures (current, transitional and target) based on agency strategies and plans
- Inform and validate security requirements for new and existing capabilities; apply requirements traceability to solution designs, implementations and configurations.
- Proactively assess the suitability of solution components against relevant architectures, strategies, policies, standards and practices, identifying issues and proposing options.
- Develop capability gap analysis based on the differences between the current and target state architectures providing guidance on risk management.
- Provide advice and risk-based guidance to support solution implementation including managing security elements of change requests and deviations from specifications.
- Contribute to the approval of designs through architectural, security and stakeholder bodies.
Technical skills
- Degree in Computer Science or other relevant field
- Demonstrated security architecture experience of 3+ years.
Essential criteria
- Information assurance: Level 5 (SFIA)
Interprets information assurance and security policies and applies these to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Plans, organises and conducts information assurance and accreditation of complex domain areas, cross-functional areas, and across the supply chain. Contributes to the development of policies, standards and guidelines.
- Information security: Level 5 (SFIA)
Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Contributes to development of information security policy, standards and guidelines. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Develops new architectures that mitigate the risks posed by new technologies and business practices.
- Solution architecture: Level 4 (SFIA)
Contributes to the development of solution architectures in specific business, infrastructure or functional areas. Identifies and evaluates alternative architectures and the trade-offs in cost, performance and scalability. Determines and documents architecturally significant decisions. Produces specifications of cloud-based or on-premises components, tiers and interfaces, for translation into detailed designs using selected services and products. Supports projects or change initiatives through the preparation of technical plans and application of design principles. Aligns solutions with enterprise and solution architecture standards (including security).
- Specialist advice: Level 5 (SFIA)
Provides definitive and expert advice in their specialist area. Actively maintains recognised expert level knowledge in one or more identifiable specialisms. Oversees the provision of specialist advice by others. Consolidates expertise from multiple sources, including third-party experts, to provide coherent advice to further organisational objectives. Supports and promotes the development and sharing of specialist knowledge within the organisation.
- Systems design: Level 5 (SFIA)
Designs large or complex systems and undertakes impact analysis on major design options and trade-offs. Ensures that the system design balances functional and non-functional requirements. Reviews systems designs and ensures that appropriate methods, tools and techniques are applied effectively. Makes recommendations and assesses and manages associated risks. Adopts and adapts system design methods, tools and techniques. Contributes to development of system design policies, standards and selection of architecture components.