About the role DroneShield is seeking an Identity and Access Security Engineer with relevant experience to join the Security team in Sydney, NSW. The Security team is a nimble team responsible for protecting DroneShield's assets and users. Our adversaries are sophisticated and use state-of-the-art tooling. To protect DroneShield, we need to focus on the biggest risks, eliminate threats, focus on automation to scale our efforts and continually increase the cost to the attackers. Key responsibilities for this role include working with our IT and Platform teams to ensure strong authentication mechanisms and Privileged Identity Management for users, services and devices. Additionally, working with the Product teams to enhance authentication into our products, including our air-gapped hardware products. Be a core contributor of the ZeroTrust strategy and an advocate for change. The ideal candidate will have strong communication skills, being a hands-on engineer and will have a systemic view of the problem space focusing on solving the biggest problems and designing solutions that can scale. They also should have a strong background in computer science, demonstrated experience in developing and maintaining backend systems in high-stakes environments, and technical expertise in authentication and authorisation protocols (OAuth, SAML, etc). They should also have knowledge of ZeroTrust and/or Beyond Corp. This position offers the opportunity to contribute to the security of hardware Products with complex threat models. Responsibilities, Duties and Expectations Lead key strategies in the Identity and Access space Implementing phishing resistant MFA and rollout across systems Design and implement Just In Time access to critical systems Design and create strong identities for users, devices and products. Influence strong authentication for BYOD Manage multiple concurrent projects and solve cross-product problems Qualifications, Experience and Skills BS degree in Computer Science, Information Technology or similar technical field of study or equivalent practical experience. Demonstrated experience working in software engineering roles On-the-tools engineering experience – must be hands-on Minimum 5 years’ experience in related roles. Roles could include: Security Engineer Identity and Access Engineer Software Engineer Knowledge of the following would also be essential: Can design and implement systems using Go or Python Modern app security and application architectures Strong expertise in software engineering best practices Infrastructure as Code and experience with cloud-based environments Comfortable on the command line in a Linux first environment Threat Modelling – focus on the threat, controls and mitigations. Knowledge of authentication, authorisation and cryptographic protocols Knowledge of the following would also be desirable: Strong problem-solving and analytical skills. Ability to think creatively to identify potential security vulnerabilities. Systems thinking: focus on design solutions that improve the system Excellent communication skills to explain complex technical concepts. Note for recruitment agencies: We do not accept unsolicited candidates from external recruiters unless specifically instructed.
