Principal Cloud Enterprise Architect

The TOP SECRET (TS) Cloud program aims to bring commercial hyper scale cloud capabilities to the NIC. It aims to improve agencies’ operating efficiency and effectiveness. It is an unprecedented program for the NIC and therefore provides a unique opportunity for all who are working on it.
ASD’s TS Cloud Program requires an experienced Cloud Enterprise Architect to deliver a number of enterprise level solutions across a series of transformation initiatives throughout the National Intelligence Community (NIC) and ASD.

To deliver this new cloud capability for the NIC, the Cloud Enterprise Architect will join a multi-disciplinary team comprised of highly skilled staff from multiple NIC agencies and strategic partners. The Cloud Enterprise Architect will have a track record of successful enterprise-level cloud services development and implementation. They will possess a strong knowledge of cloud computing technologies, including public, private, and hybrid clouds, and experience in developing cloud services marketplaces.

In collaboration, the Cloud Enterprise Architect will be responsible for leading the Service Catalogue and Third Party Software as a Service processes and governance. This includes bringing together the NIC community stakeholders and Cloud vendor, assuring integration into NIC governance, creating terms of references for vendors and suppliers providing service offerings, and establishing processes for delivery and management.

The role will require identifying and updating policies, standards and architecture repositories to enable cloud adoption. The Cloud Enterprise Architect will be a strong communicator, capable of communicating complex problems, both verbally and in written form, to various stakeholders including senior executives.

Candidates require a current AGSVA TSPV security clearance to perform the role.  ASD will not sponsor candidates to upgrade their security clearances.

Candidates must be willing to undergo ASD’s Organisational Suitability Assessment (OSA). The OSA requires a psychological assessment, which involves a questionnaire and an interview. Before submitting an application for this role, the candidate should consider their preparedness for questions that may include the following topics: personal relationships, living circumstances, personal values, financial situation, physical and mental health history including substance use, and any civil and/or military record.

Information on ASD’s Organisational Suitability Assessment (OSA)

An OSA is an ASD policy requirement for contractors who will be engaged for a period in excess of 12 months and are conducted to determine a person’s suitability to work in ASD.  The OSA requires a psychological assessment, which involves a questionnaire and an interview.

Before submitting an application for this role, the candidate should consider their preparedness for questions that may include the following topics: personal relationships, living circumstances, personal values, financial situation, physical and mental health history including substance use, and any civil and/or military record.

Key duties and responsibilities

The Cloud Enterprise Architect will perform the following duties and responsibilities:

• develop and maintain a prioritisation and selection framework for TS cloud services and solutions. This will include evaluating the technical feasibility, business value, and overall fit with the NIC’s needs and requirements.
• develop TS architecture roadmaps, models and plans including evaluating the technical feasibility, and business benefit with overall fit for organisation’s requirements.
• assess feasibility of solutions and identify potential roadblocks.
• develop and maintain an enterprise-level cloud services roadmap that aligns with ASD’s strategic objectives, business outcomes and technology strategy.
• work closely with stakeholders to identify business requirements and functional specifications.
• take high-level business requirements and industry best practices and translate them into patterns, concepts, principles, and working designs.
• identify business impacts from implementation or changes to technology strategies and roadmaps.

Technical skills

Essential:
• Professional certification in Enterprise Architecture, such as TOGAF or Zachman, is preferred and certification or training in Cloud Technologies is required.
• Minimum 3 years of experience in architecting Cloud solutions. Desirable:
• Experience working in a NIC agency undertaking an Enterprise Architect role.

About the organisation

The Australian Signals Directorate (ASD) is a statutory agency in the Defence portfolio that defends Australia against global threats and advances our national interests through the provision of foreign signals intelligence, cyber security and offensive cyber operations as directed by the Australian Government.

Essential criteria

1.AWS Dedicated Cloud Experience: Deep familiarity with concept use of AWS dedicated cloud environments. Demonstrated understanding of the ADC physical and logical isolation boundaries for dedicated cloud environments.

2.Strategic Policy Alignment: The ability to map AWS architecture to high-level directives factoring in the appropriate level of CoA and AWS advised risk and security profiles.

3.Boundary Protection & Secure Networking: Expertise in designing Transit Gateways, AWS PrivateLink, and Cross-Domain Solutions (CDS). Must know how to facilitate “Air-gapped” style security while maintaining cloud-native functionality.

4.Identity Governance (ICAM): Mastery of Identity, Credential, and Access Management (ICAM) at scale. This includes integrating AWS IAM with government-mandated PIV/CAC card authentication and complex Active Directory forests.

5.Automated Governance (Guardrails): Expert-level knowledge of AWS Control Tower, Service Control Policies (SCPs), and AWS Config. Must be able to programmatically prevent non-compliant resources from ever being created.

Required criteria

1.DevSecOps Pipeline Ownership: Experience building CI/CD pipelines that operate within disconnected or low-bandwidth environments, ensuring that software updates are scanned and “vetted” before hitting production.

2.Legacy Modernisation Strategy: track record of migrating sensitive monolithic legacy systems into micro services without compromising the “chain of custody” of the data.

The successful candidate will work 5 days per week and up to a maximum of 40 hours per week, unless otherwise agreed with their manager. WFH can be accommodated (WFH should align with the Flexible Hub policy). Interstate based candidates cannot be accommodated.