Job details
The Department of Finance (Finance) is seeking a Public Key Infrastructure (PKI) Cybersecurity Analyst. The preferred candidate will contribute to and support the Gatekeeper Public Key Infrastructure (PKI) Framework review, ensuring its relevance in the face of emerging technologies and an evolving cyber environment. With the rise of quantum computing and traditional cryptographic risks, the Department is seeking an expert with cybersecurity skills who can provide proactive adaptation of security protocols.
The Department requires a Public Key Infrastructure (PKI) Cybersecurity Analyst who has the capability to drive strategic initiatives to enhance digital identity management, cryptographic resilience, and secure authentication mechanisms across government systems.
Key Duties and Responsibilities of the Cyber Security Analyst include (but are not limited to):
Provide advice on matters relating to the PKI Framework’s policies, technical guidelines, and certification criteria to evaluate how each referenced Request for Comments (RFC) is implemented and identify any inconsistencies or gaps in adherence, deviations, outdated practices, or missing elements.
Undertake a gap analysis of the Framework against emerging and future security requirements.
Assess the impact of quantum computing on the Framework and provide expert technical guidance to support its transition to quantum-resistant algorithms. This includes evaluating existing controls in the Framework to ensure they remain effective in a post-quantum environment.
Document findings, highlighting areas for enhancement, and propose key elements for the development and operational structure of the Framework, ensuring alignment with industry standards, adaptability, and long-term effectiveness.
Collaborate with industry experts, academia, and government agencies to validate findings and refine recommendations.
The successful candidate will possess the following Qualifications and Skills:
Extensive knowledge of the Gatekeeper PKI Framework and PKI related standards.
Strong understanding of cryptography, PKI concepts, and protocols.
Experience with PKI tools and technologies, such as Microsoft CA, OpenSSL, and hardware security modules (HSMs).
Familiarity with certificate management tools.
Knowledge of DNS configuration, management, and security.
Experience with ITIL processes, service management, and change management.
Strong understanding of cyber security governance, risk management, and compliance frameworks.
Excellent stakeholder management and communication skills, with the ability to influence policy decisions.
Current AGSVA Baseline security clearance
Desirable Criteria:
Experience working within Australian Government departments or agencies; and
Extensive knowledge of the Gatekeeper PKI Framework and PKI related standards; and
A strong background in cybersecurity governance, risk management and compliance frameworks.
Desirable Certificates:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Post-Quantum Cryptography
Candidates should explicitly address the above criteria in their response/application.
NB. The subsequent evaluation criteria detailed in the RFQ (understanding, capacity, risk, VFM, etc.) relate to the broader evaluation criteria adopted by the Department when considering Candidates' responses.
Criteria
The buyer has specified that each candidate must provide a one-page pitch to address all criteria specified. This is equal to 5000 characters.
Essential criteria
Demonstrated understanding and appreciation: The extent to which a candidate demonstrates an understanding and appreciation of the Requirements (Role description + Key duties and responsibilities + Technical Skills).
Demonstrated capacity, capability, and experience: The extent to which a candidate demonstrates capacity, capability, and experience to fulfil the Requirements (Role description + Key duties and responsibilities + Technical Skills) to a high standard and within specified timeframes.
