Senior SecOps Engineer

As a Senior SecOps Engineer, you’ll help further secure, uplift and protect the underlying platforms and processes responsible for hosting public Australian government information and services.

On this page:

Overview

Join a remote and distributed team of senior DevOps engineers to help further secure, uplift and protect the underlying platforms and processes responsible for hosting public Australian government information and services delivered to our citizens.

Strong experience required in security audits and compliance, security policies, cyber threat detection, security uplift, penetration testing, vulnerability detection and remediation.

Should excel in autonomous workflows through CI, Ansible/shell scripting, and be comfortable deploying solutions using a wide range of technologies.

Experience in PHP/CMS frameworks and platforms such as Drupal, Wordpress and Laravel is highly desired.

As a senior member of our team, it's essential you're comfortable pushing the boundaries, respectfully challenging, and being respectfully challenged.

Remote working, flexible hours, an open ethos, and an authentic values-based culture and purpose, are further benefits we offer.

While we love, appreciate and embrace diversity, a requirement of this position is that the successful candidate must be an Australian citizen as specified by our government client.

About Salsa

First and foremost we are an authentic bunch of great humans driven by purpose, by values and by people.

We are a digital innovation company with a strong presence in Australian government focusing on GovTech, CivicTech and Open Data.

With an 18-year legacy in open source, born out of Victoria, Australia, we have recently become a fully remote and distributed team made up of digital engineers and specialists from across the globe.

Our authentic purpose (our vision) is what drives us: to help governments become more open, more connected and more consolidated. To realise this vision we partner with governments across Australia to help them digitally transform, better engage with citizens, and open up to co-create and co-innovate with industry.

We’re pleased to have delivered, and continue delivering, many large-scale, whole-of-government Drupal CMS and CKAN open data platforms across multiple jurisdictions throughout Australia. We’re also pleased to be the official service delivery partner for GovCMS on behalf of the Australian Federal Government, and Single Digital Presence and Data.Vic on behalf of the Victorian Government.

Our crew, aka Salsarians :), are pretty amazing! They work hard and have fun while staying true to our company values of:

  • Rigour
  • Mutual Respect
  • Transparency
  • Personal Growth
  • Accountability
  • Commercial Outcomes
  • Fresh Thinking
  • Authenticity

Key responsibilities

The Senior SecOps Engineer is expected to interface with three groups - the Salsa Digital project team, Salsa client teams (such as the GovCMS and SDP program stakeholders) and Salsa executive management.

Responsibilities include:

  • Ramping up within complex, enterprise-grade, technical environments quickly
  • Identification of SecOps vulnerabilities and exposures - in collaboration with the Salsa security team proactively identify gaps and/or exposures in the security posture of technical solutions and provide considered recommendations to address
  • Determining SecOps opportunities via an understanding of present security pain points and exposures for each major program of work and driving the delivery of a backlog of security risk mitigation actions and initiatives across each program
  • Researching technical solution options to address security exposures, documenting and presenting these options to different stakeholders
  • Analysing the security implications of platform changes or technical issues, providing oversight to technical change management from a security perspective
  • Building and releasing solutions to address security risks
  • Being a go-to person for technical security advice to help explain technical approaches and general knowledge-share for SecOps approaches and considerations
  • Working with the Product Owner (platform) to help plan and communicate the product roadmap providing input into business imperative features from a security perspective
  • Maintaining knowledge of industry best practice SecOps tools, applications and solution approaches
  • Building authentic open relationships with stakeholders - supporting a project/program culture of open communication, trust and respect
  • Representing Salsa’s strong open ethos and brand to establish new trusted relationships and nurture existing ones

Skills (must haves)

The following general behaviours and experience are required:

  • Enterprise-grade security experience in digital programs, ideally within government
  • Strong working knowledge of digital web technologies including application, DevOps, hosting and containerisation technologies (Kubernetes)
  • Strong problem solving skills
  • Ability to speak authoritatively on complex technical matters, in particular security principles, risks and solutions
  • Exceptional communication with customer and internal managers – listening and providing answers
  • Ability to build good working relationships with all program stakeholders
  • Ability to gather and assimilate information
  • Ability to adapt and prioritise
  • Ability to think ahead and anticipate problems, issues and solutions
  • Experience working on projects/programs using agile methodologies
  • 2+ years as a SecOps or security engineer
  • 3+ years experience as technical lead/architect or DevOps engineer
  • Ideally, an ability to transition seamlessly between SecOps engineer and DevOps engineer

Skills (highly desired)

A critical mass of the following specific technical skills is required:

  • Experience within the digital domain using tool sets such as:
    • Web-serving architectures (NGINX, Apache, Varnish)
    • CDN technologies (Akamai, Cloudflare, CloudFront, static, etc.)
    • Observability tooling and tactics
    • Docker (Docker Compose, image management)
    • Kubernetes cluster management (EKS, AKS, Lagoon, kubectl, etc.)
    • CI (GitLab, Circle, Jenkins)
    • AWX, Ansible
    • ELK stack (Elasticsearch, Logstash, Kibana)
    • AWS technologies (S3, EC2, RDS, Elasticache, SES, etc.)
    • PHP/CMS frameworks/platforms a plus (Drupal, Wordpress, Laravel)
  • Execution as a SecOps in complex regulatory environments
  • Demonstrated experience in current-state, future-state and transition to future state of internal security systems and processes

Benefits

  • Attractive salary package
  • Work from home
  • Flexible working hours
  • Opportunity for career development
  • Be supported by a group of diverse, fun, passionate and genuinely good people
  • A flat and transparent organisational culture where you get answers FAST!
  • Refer-a-friend Employee Benefits Scheme
  • Opportunity to earn an annual bonus

Want to know more?

You may like to:

  • Read some recent case studies to get an idea of the types of project you could be working on
  • Read our latest Insights for thought leadership pieces

Interested?

Contact Angela Rako (human resources) on 03 9910 4839 or apply online using the form below.

Apply Now