Application Security Architect
Digital Campus - Software Engineering | Hybrid in Chennai, Tamil Nadu, India | Full Time
The successful candidate for this role will be the focal point for uplifting our Security practices and processes for incorporating security maturity into IDP’s software development and Cloud Architecture.
We have an exciting opportunity for a Security Architect to provide the vision & drive in our DevSecOps way of working. As IDP’s Security Architect you will work very closely with development teams, Cloud & DevOps engineers to guide them in strong security and privacy approaches, continuously enhance security tooling and tool rules, and build security automations into our CI/CD pipelines and Cloud Architectures.
You will contribute to IDP security practices in AWS and across all IDP business lines. We are entrusted with the personal information of customers and we take this responsibility extremely seriously. With every other member of the team, you will be an expert voice in ensuring that Security and Privacy are a fundamental part of every design and deliverable.
The essential purpose of this role is to provide thought leadership, practical experience, and hands-on skills to continuously “raise the bar” for IDP’s Application Security. You will do great things that have a major positive impact on people’s lives.
IDP’s Technology Context
IDP has completed the first phase of its digital transformation which has directly contributed to the massive acceleration in the world’s leading Edu-Tech business helping customers fulfil their lifelong learning opportunities at the world’s top universities.
Our transformation journey is far from complete and we have an exciting range of programs of work to further accelerate the pace of our operations. Much of IDP’s innovation is being driven through the AWS platform. IDP are in the early stages of our DevSecOps journey using Gitlab to automate our CI/CD pipelines. We are committed to ingraining security automations through our application lifecycle.
IDP is committed to the AWS Well Architected Framework and its five pillars. The Application Security Architect will focus on the Security pillar – protecting IDP’s information and systems. Key topics include confidentiality and integrity of data, identifying and managing who can do what with privilege management, protecting systems, and establishing controls to detect security events.
Our tech stack consists of most of the popular AWS Serverless components, Terraform IaC, Gitlab, Test Complete, our code is in Python (with legacy Java/Oracle), Angular front ends, SumoLogic as our SIAM and Observability platform, STAX Cloud Automation, SNOW for ITSM and a selection of SaaS solutions for our business applications. We are guided by the SAFEagile methodology and agile tools such as Jira and Confluence are well embedded into our ways of working.
About you:
Essential Knowledge & Skills
- Tertiary Education: Bachelor’s or Master’s in Software Engineering, Computer Science, or other relevant discipline.
- Deep Knowledge of Application and Cloud Security. Having a great understanding of security threats, practices & defences is the essential skill of this role. You will be able to talk confidently on the various attack vectors and risks facing an organisation such as IDP, the approaches to address those risks and be able to translate this knowledge into practical implementations of security best practices.
- People Skills: You will have a great ability to collaborate with Application and Cloud Engineering teams closely to embed AppSec throughout the product lifecycle. Much of this role will be about working with others to ensure great practices are followed, and then drive automation.
- AWS Cloud: It is important that you have a deep understanding of the AWS Cloud and its security features. You’ll understand the AWS well architected framework thoroughly, can talk to it confidently and be able to drive its implementation at IDP.
- Web Application Development: Having detailed experience in a similar environment to IDP’s (Angular front end, Python, Terraform IaC, APIs, BFFs, MSA, EDA, PostgreSQL, SaaS) would make you an ideal candidate for this role.
- Test Automation: You’ll have a great knowledge of the various types of security test automation: what they should be achieving, how to implement them in a manner that achieves our security and privacy objectives and increases the productivity of the delivery flow. IDP have strong security and privacy practices but have a drive to massively increase the role of automation in the testing of these practices. You will have specific experience of incorporating security testing into CI/CD pipelines.
- Vendor Evaluations: You’ll have performed a number of vendor/product evaluations and can produce well-reasoned recommendations to senior leadership.
- Communication Skills: Being able to produce clear and practical policy documentation, security patterns and be able to communicate to Software and Cloud engineering teams so they understand both what is required of them, and why.
Essential Experience and Qualifications
- Security Background: With this role it won’t be a surprise that we need someone with great experience in driving security and privacy practices, testing and automation. We anticipate that the level of experience we are looking for will mean you have at least 10 years in Information Technology with at least five of those working in Application and/or Cloud security.
- Security Credentials: Industry Security certifications such as: CISSP, GIAC (SANS), and desirable CEH ethical hacking, or SSCP, networking background such as Cisco e.g. CCNA, CCNP, OSCP
- AWS Security: IDP use AWS for most of its infrastructure and networking needs. Having the AWS Security certification, or a commitment to achieve it, is important for this role. You will have worked with AWS closely either in a Cloud Engineering or Security role for at least two years, be able to discuss confidently the AWS security services and have deep practical experience in their implementation.
- DevSecOps: You will have practical experience in being part of a DevSecOps team that has ingrained Security automations into their pipelines. You’ll be able to talk enthusiastically and practically about what it takes to ingrain a DevSecOps culture into cloud and application teams. You will provide DevSecOps processes, tools, and techniques and contribute to major components in a DevOps Pipeline. You will guide the teams in how to create and maintain DevSecOps pipelines using CSA, SAST, DAST, and Security as Code.
Continuously push IDP towards AWS Best Practice and AWS Well-Architected framework
- be part of a team tasked with continuously reviewing IDP’s AWS environment and new initiatives against AWS recommendations.
- feed into a pipeline of projects and initiatives that must be implemented to keep IDP current.
- We don’t triage security – it is always job zero. No code (or infrastructure) ever moves into production with a known vulnerability. We are entrusted with the personal information of customers, and we take this extremely seriously. With every other member of the team, you’ll be an expert voice in ensuring that Security and Privacy are a fundamental part of every design and deliverable.
- be very comfortable in speaking up if you have a security concern on any aspect of IDP’s environment.
- put in controls to enforce basic security policies such as Encryption at Rest, Encryption in Transit, and other fundamental security considerations on all users of AWS.
- You will regularly utilize AWS features such as Trusted Advisor, Guard Duty, and Well-Architected tools and produce actionable plans. You’ll review these regularly with the Infrastructure leadership and implement.
- You will continuously review our environment against AWS Best Practice and Well Architected standards. You’ll make recommendations and improvements in a structured and methodical manner.
- You love technology, are continuously learning and extending your knowledge of best practice and the business value of technology innovations.
Mentor and participate in Team Development
- As the Security Architect we’d like you to share your skills and experience to develop the team.
- IDP runs an Academy for recent graduates to morph their education into the direct skills that make them valuable in business. You’ll take one or two of these Academy graduates under your wing and mentor them as they mature into a high-performing Software Developer.
Drive Observability & Supportability
- In addition to the low maintenance code you personally produce you’ll assertively mandate the same from the entire team.
You’ll be someone who gets a kick out of being a critical member of a high performing team, personally producing outcomes that accelerate IDP’s agenda to support customers in their life-long study journey. We do great stuff here at IDP.
Desirable Requirements
- SAP SaaS: IDP has several SAP SaaS solutions and other industry leading SaaS solutions. Experience in these may help, but is not critical.
Who you’ll work with:
Internal:
- Global Security Manager and other Security experts
- Cloud Operations Manager
- Architects (Enterprise and Solution)
- Architecture Community
- DevOps Cloud Engineers
- Application Development Teams
- Observability Team
- Support and Service Desk
External:
- AWS Architects
- Vendors and Consultants
- External Clients (Education Institutions)
WORKING AT IDP
IDP Education’s ongoing success comes from our highly committed and caring employees around the globe. We encourage teamwork in order to leverage our people's diverse talents and expertise through effective collaboration and cooperation throughout our business. We strive to provide a working environment where people are encouraged to excel, be creative and seek new ways to solve problems, take initiative, generate opportunities and be accountable for their actions.
We believe in developing dynamic, inclusive workplaces that encourage and celebrate cultural differences and views, and provide opportunities for personal, professional and career development all around the world. We respect diversity in our people: their ideas, work styles and perspectives as well as offering flexibility to ensure employees enjoy a satisfying balance of work and personal life.