Her Majesty's Passport Office - API & Application Security Specialist (Cloud)

Description

Summary of the work Hands-on specialist required to work with multiple teams developing public/private API, Web Interfaces utilising AWS products, to identify security requirements, design/develop and document the required security controls and components, provide in-depth technology input to other technology stakeholders, and be responsible for low level security design. Specialist role Developer Expected Contract Length Up to 2 years Latest start date Monday 30 July 2018 Who Speclialist Work With Specialist will work closely with the Lead Architect and will be required to collaborate with DevOps, Developers, Security Architect, Information Assurance to produce low level technical security designs for AWS hosted solutions, establishing security best practices in API/application development, contributing to evaluation of new products from a security perspective. What Specialists Work On Hands-on specialist to identify the security needs working with multiple teams developing public/private API, Web Interfaces utilising AWS products. Design/develop and document required security controls and components in collaboration with Tech Leads and Architects. Provide in-depth technology input to other technology stakeholders and be responsible for low level security design. Evaluation and implementation of the new products from security perspective 50/50 Code and Security Documentation split Detailed design and implementation of the PAM, IDS, DLP in AWS Prepare and present necessary security governance documentation in collaboration with Security Architect Define the counter measures for security risks and actively implement. Skills & Experience • Have demonstrable experience of of AWS services and AWS security best practices. • Have demsontrable experience of implementing prevention and proactive monitoring of advanced security attacks and emerging attack vectors. • Have demonstrable experience in API security (SOAP/REST) and industry standard best practices to secure a public/private API hosted in cloud. • Have demonstrable experience of implementing security aspects of application development cycle CI/CD. • Have demonstrable experience of successfully delivering digital solutions that collect and manage personal and/or sensitive information with appropriate controls and protection. • Have demonstrable hands-on development experience utilising Java, API Gateway/Management & Policy frameworks, SOAP & Resful APIs, JWT, JWS/JWE, JOSE.. • Have demonstrable experience of documenting low level security design and ability to work in a established design and governance process. Nice to Haves • Have demonstrable experience of security tools and techniques (PKI, PAM, IAM, Protective Monitoring, Firewall, Audit, SSL/TLS, API Gateways, AV, IDS/IPS/HIDS, Pen-testing) • Have demonstrable experience of security protocols OAUTH, OIDC, SAML, SSO and MFA. • Have demonstrable experience of successfully design, implementation and migration of SOAP based API services from legacy technologies utilising Amazon AWS. • Have demonstrable experience of migrating applications and services from traditional data centre and infrastructure, network, to AWS cloud. • Have demonstrable experience of implementing NCSC cloud security principles • Have demonstrable experience of migrating services off PSN to public cloud infrastructure. • Should have either vendor or industry standard IT Security certification(s) • Have existing, valid SC Clearance Work Location London, Westminster Working Arrangments We expect the specialist to work collaboratively with Lead Architect and in-house development teams that are transforming the HMPO business processes/applications. Work is based in London and will involve the supplier being on site 5 days per week to work collaboratively with HMPO teams; travel and expenses remains the responsibility of the supplier. Service design and development must align with the HM Passport Office strategic technical architecture and technologies. Security Clearance SC Clearance is required. HM Passport Office will support the clearance process. Additional T&Cs Breakpoints to assess progress and quality will be set by mutual agreement. No. of Specialists to Evaluate 3 Cultural Fit Criteria • Be transparent and collaborative when making decisions. • Can work with clients with low technical expertise. • Able to work within HMPO design, delivery and governance framework. Evaluation Weighting Technical competence 60% Cultural fit 15% Price 25% Questions from Suppliers 1. What is the IR35 status? We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis. 2. Will this role be outside of IR 35? We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis. 3. Is there an incumbent already in this position? There is not an incumbent, this is a new role. 4. IF there is an incumbent, will they be able to use the DOS outcomes to apply for their position again? There is not an incumbent, this is a new role.