Role: AWS Senior Security Consultant

Contract Length: End of February 2026, with the potential to extend

Location: Melbourne - working 3 days in the office

Start Date: ASAP

Day Rate: $1,000 per day + GST

Role Purpose
A state government department is seeking an AWS Senior Security Consultant to provide assurance and security oversight for a new web-facing SaaS application hosted on AWS. The Consultant will work closely with internal stakeholders and the SaaS vendor’s development team to ensure the solution is designed and implemented in alignment with recognised security frameworks such as OWASP ASVS, ISO/IEC 27001:2022, and supports SOC 2 Type II readiness.

This role requires deep expertise in AWS security architecture, secure application design, and hands-on experience in aligning technical controls to business and compliance requirements.

Key Responsibilities

Secure Design & Architecture

• Third-party integrations (e.g. Bing, Google Geocoding, microservices)
• AWS WAF configuration and tuning
• IAM and CIAM setup, including integration with authentication and authorisation flows
• API and data layer components (API Gateway, RDS, S3, WebApp APIs, Object Store, Metadata services)

• Review and contribute to secure system design documents aligned with the AWS Well-Architected Framework and OWASP ASVS.
• Validate and define security controls across all application layers (Edge, Experience, Business, Persistence).
• Provide assurance over key architectural components including:
  

Security Requirements & Compliance

• Collaborate with development and security teams to define and verify application security requirements.
• Map controls to organisational standards and contractual obligations.
• Align with key ISO/IEC 27001:2022 controls (A.5–A.18).
• Contribute to SOC 2 Type II readiness and evidence gathering.

Threat Modelling & Security Assurance

• Conduct or validate threat modelling using frameworks such as STRIDE and MITRE ATT&CK.
• Define testable security requirements and acceptance criteria using OWASP ASVS.
• Oversee secure code review and penetration testing activities, ensuring issues are properly remediated.

Governance, Risk, and Compliance

• Support documentation and control mapping activities for ISO 27001 and SOC 2.
• Provide security input into design reviews and architecture governance.
• Assist with audits, assessments, and reporting processes.

Collaboration & Advisory

• Act as a key liaison between development, cloud engineering, and security teams.
• Present security risks, designs, and recommendations to both technical and non-technical audiences.
• Support knowledge sharing and secure design maturity across teams.

Required Skills & Experience

• OWASP ASVS and modern threat modelling approaches
• API security (OAuth2, OpenID Connect, JWT)
• AWS IAM, Cognito, WAF, CloudFront, API Gateway, RDS, S3
• Serverless/microservice architectures (Lambda, Python/Flask-based)

• 7+ years in cloud and application security roles, with strong AWS focus.
• Hands-on experience with AWS Well-Architected Framework and security-by-design practices.
• Proficiency in:
  
• Knowledge of ISO/IEC 27001:2022 and SOC 2 trust principles
• Strong communication skills and experience engaging with cross-functional teams

Desirable Skills

• Experience securing RESTful APIs and microservices (Python/Flask)
• Familiarity with AWS services such as SES, CloudWatch, CloudTrail
• Experience with DevSecOps and IaC (Terraform, CloudFormation)
• Involvement in ISO 27001 certification or SOC 2 Type II projects
• Relevant certifications (e.g. AWS Certified Security – Specialty, CISSP, CCSP, CISM)

If you are interested in this role, they are looking for someone to start ASAP, please click apply today