Safe Technology & Engineering

This domain covers the technical implementation and maintenance of secure systems, focusing on the infrastructure, development, and engineering aspects of Secure Data Environments.

Software Engineering

Software Engineering applies structured approaches to developing and maintaining secure, high-quality code for research environments. This subdomain encompasses implementing appropriate software development lifecycle methodologies, incorporating secure coding practices that protect against common vulnerabilities, implementing comprehensive testing and quality assurance processes, and creating well-documented, reusable code that enhances maintainability while enabling knowledge sharing across development teams.

Software Development Lifecycle

Applies structured approaches to developing and maintaining software throughout its lifecycle. Involves following established processes, using version control systems, implementing bug fixes, applying methodologies appropriate to context, managing code repositories, designing secure features, establishing best practices, leading architectural decisions, and mentoring team members in engineering excellence.

  • Understands basic SDLC concepts and can follow established development processes
  • Familiar with version control systems like Git for code management
  • Can implement simple bug fixes and feature enhancements under supervision
  • Proficient in applying SDLC methodologies appropriate to the project context
  • Independently manages code repositories and review processes
  • Designs and implements features with security and scalability in mind
  • Establishes SDLC best practices and processes for the organization
  • Leads architectural decisions and ensures secure coding standards
  • Mentors team members on software engineering excellence

Secure Coding Practices

Develops software with security built into the code itself. Involves understanding common vulnerabilities such as those in the OWASP Top 10, applying input validation and error handling, following secure coding guidelines, identifying and mitigating security issues, implementing secure authentication and authorization, conducting security-focused code reviews, and developing organizational standards.

  • Aware of common security vulnerabilities (e.g., OWASP Top 10)
  • Can apply basic input validation and error handling
  • Uses secure coding guidelines provided by the team
  • Proactively identifies and mitigates security vulnerabilities in code
  • Implements secure authentication, authorization, and data protection mechanisms
  • Conducts code reviews with a focus on security aspects
  • Develops security standards and coding guidelines for the organization
  • Evaluates and selects appropriate security libraries and frameworks
  • Implements advanced security patterns for high-risk components

Testing & Quality Assurance

Validates software functionality, security, and performance before deployment. Involves creating unit tests, using testing frameworks, executing test plans, designing comprehensive strategies, implementing automated pipelines, analyzing results to improve quality, establishing processes and standards, implementing advanced testing, and driving continuous improvement initiatives.

  • Creates basic unit tests for code components
  • Familiar with testing frameworks and continuous integration concepts
  • Can execute test plans and document results
  • Designs comprehensive test strategies including unit, integration, and security testing
  • Implements automated testing pipelines and monitors code coverage
  • Analyses test results to improve code quality
  • Establishes QA processes and standards across projects
  • Implements advanced testing strategies for complex systems
  • Drives quality metrics and continuous improvement initiatives

Microservices & API Design

Develops loosely coupled, independently deployable services that communicate via APIs. Involves understanding microservices principles, working with API concepts and documentation, designing appropriate service boundaries, implementing secure API gateways, developing versioning strategies, architecting enterprise API strategies, establishing best practices, and leading API security initiatives.

  • Understands microservices architecture principles
  • Familiar with API concepts and documentation (e.g., OpenAPI/Swagger)
  • Can develop and use RESTful APIs following established patterns
  • Designs microservice architectures with appropriate boundaries
  • Implements secure API gateways and authorization mechanisms
  • Develops API versioning strategies and documentation standards
  • Architects enterprise API strategies and governance models
  • Establishes microservices best practices and standards
  • Leads API security initiatives and evaluates API management solutions

Code Documentation & Reusability

Creates understandable, maintainable, and reusable code. Involves writing clear comments explaining functionality, following documentation patterns, creating comprehensive explanations, designing for reusability with appropriate abstraction, implementing self-documenting principles, establishing organizational standards, developing reuse strategies, and creating knowledge sharing frameworks.

  • Understands the importance of code documentation and comments
  • Follows established documentation patterns for the codebase
  • Can write basic comments explaining code functionality
  • Creates comprehensive documentation that explains both how and why
  • Designs code for reusability with appropriate abstraction
  • Implements self-documenting code principles and clear naming conventions
  • Establishes documentation standards and best practices for the organization
  • Develops strategies for code reuse across projects and teams
  • Creates knowledge sharing frameworks and mentors others in documentation

Artefact Management

Securely stores, distributes, and controls access to software artefacts including container images, helm charts, and package repositories. Involves understanding artefact concepts, accessing repositories following procedures, working with vulnerability scanning, implementing secure registries, controlling access and scanning for threats, managing distributions, developing enterprise strategies, establishing governance processes, and leading security initiatives.

  • Understands basic concepts of container registries, package repositories, and helm charts
  • Can access and use artefact repositories following established procedures
  • Familiar with vulnerability scanning concepts for software artefacts
  • Implements secure container registries and package repository management
  • Controls access to artefacts and scans for malicious packages and vulnerabilities
  • Manages helm chart repositories and software library distributions
  • Develops enterprise strategies for artefact management and governance
  • Establishes automated scanning and compliance processes for all artefacts
  • Leads initiatives to enhance artefact security and supply chain integrity

Infrastructure & Deployment

Infrastructure & Deployment establishes the foundation for secure, scalable research environments. This subdomain focuses on designing and managing cloud resources with appropriate security controls, implementing containerization and orchestration technologies that enable portable, isolated application environments, and creating secure network architectures with proper segmentation and access controls that collectively provide the technical infrastructure needed for protected data processing and analysis.

Cloud Infrastructure Management

Designs, deploys, and manages cloud resources for secure data environments. Involves working with major providers like AWS, Azure, and GCP, provisioning resources following patterns, implementing infrastructure as code, designing secure architectures, implementing monitoring and scaling, architecting enterprise solutions, developing governance strategies, and leading cloud transformation initiatives.

  • Familiar with major cloud providers (AWS, Azure, GCP) and their core services
  • Can provision and configure basic cloud resources following established patterns
  • Understands infrastructure as code concepts
  • Designs and implements cloud architectures following security best practices
  • Proficient with infrastructure as code tools (Terraform, CloudFormation, etc.)
  • Implements monitoring and scaling solutions for cloud resources
  • Architects enterprise-grade cloud solutions with high availability and security
  • Develops cloud governance strategies and cost optimization approaches
  • Leads cloud transformation initiatives and capacity planning

Containerization & Orchestration

Packages and manages applications in isolated, portable environments. Involves understanding container concepts, working with Docker and container registries, designing container-based architectures, implementing orchestration with Kubernetes or similar platforms, creating CI/CD pipelines, architecting enterprise strategies, implementing advanced security features, and establishing compliance processes.

  • Understands container concepts and can build/run basic containers
  • Familiar with Docker and container registries
  • Can deploy containerised applications following established patterns
  • Designs container-based architectures and multi-container applications
  • Implements container orchestration using Kubernetes or similar platforms
  • Creates and manages CI/CD pipelines for containerised applications
  • Architects enterprise container strategies and governance models
  • Implements advanced Kubernetes features for security, scaling, and resilience
  • Establishes container security scanning and compliance processes

Network Architecture

Designs and implements secure networks for data environments. Involves understanding networking concepts like IP addressing and routing, configuring network settings, designing secure architectures with appropriate segmentation, implementing VPCs and access controls, troubleshooting issues, architecting complex multi-environment solutions, and developing network security strategies.

  • Understands basic networking concepts (IP addressing, subnets, routing)
  • Familiar with network security principles and firewall concepts
  • Can configure simple network settings following established guidelines
  • Designs secure network architectures with appropriate segmentation
  • Implements VPCs, network security groups, and access controls
  • Troubleshoots network-related issues and performance bottlenecks
  • Architects complex network solutions for multi-environment deployments
  • Develops network security strategies and implements defense-in-depth
  • Leads network transformation initiatives and capacity planning

Encryption & Key Management

Protects data at rest and in transit using secure algorithms and robust key management practices. Involves understanding encryption concepts, implementing encryption solutions, selecting appropriate algorithms, generating and storing keys securely, managing key lifecycles, implementing access controls, developing enterprise strategies, establishing governance frameworks, and leading security enhancement initiatives.

  • Understands basic encryption concepts (at rest, in transit)
  • Can apply encryption using standard tools and libraries
  • Follows procedures for handling encryption keys
  • Implements encryption for data at rest and in transit
  • Selects and configures secure encryption algorithms
  • Manages encryption keys using secure key management systems
  • Develops enterprise encryption and key management strategies
  • Establishes governance for key lifecycle and access controls
  • Leads initiatives to enhance encryption and key management practices

System Architecture

System Architecture establishes the foundational design principles for secure, scalable, and maintainable research environments. This subdomain encompasses creating secure environment designs with defense-in-depth approaches, developing microservices and API architectures that enable modular and flexible systems, implementing strategies for scalability and performance under varying workloads, creating robust enterprise solutions that meet critical requirements, and adopting component-based software engineering (CBSE) practices that promote reusability and maintainability.

Secure Environment Design

Creates system designs that prioritise data security, privacy, and compliance with 5-safes and SATRE. Involves understanding principles of secure design, applying defense-in-depth and least privilege concepts, documenting environments, implementing appropriate controls, evaluating security implications, architecting enterprise-wide secure environments, developing standards, and leading security architecture reviews and remediation.

  • Understands principles of secure environment design
  • Familiar with defense-in-depth and least privilege concepts
  • Can document existing secure environments and their components
  • Designs secure environments incorporating appropriate controls
  • Implements security patterns such as zero trust architecture
  • Evaluates security implications of architectural decisions
  • Architects enterprise-wide secure data environments
  • Develops architectural principles and standards for secure environments
  • Leads security architecture reviews and remediation efforts

Scalability & Performance

Builds systems that can handle growing workloads while maintaining responsiveness. Involves understanding performance concepts and metrics, performing basic testing, designing scalable architectures, implementing caching strategies, conducting load testing, architecting high-performance systems, developing capacity planning strategies, and leading optimization initiatives across the organization.

  • Understands basic performance concepts and metrics
  • Familiar with horizontal and vertical scaling approaches
  • Can perform basic performance testing and identify bottlenecks
  • Designs scalable architectures for varying workloads
  • Implements caching strategies and performance optimizations
  • Conducts load testing and performance analysis
  • Architects high-performance systems for enterprise workloads
  • Develops capacity planning and scaling strategies
  • Leads performance optimization initiatives across systems

Enterprise Solution Development

Creates robust systems that meet business-critical requirements. Involves understanding quality of service criteria, working with enterprise architecture concepts, explaining trade-offs between quality attributes, designing solutions that meet requirements, implementing patterns for reliability and resilience, architecting enterprise-grade solutions, and developing reference architectures.

  • Understands quality of service criteria for business-critical services
  • Familiar with enterprise architecture concepts and patterns
  • Can explain the trade-offs between different quality attributes (availability, reliability, etc.)
  • Designs solutions that meet enterprise quality of service requirements
  • Implements patterns for reliability, resilience, and scalability
  • Makes informed recommendations regarding QoS priorities and trade-offs
  • Architects enterprise-grade solutions balancing QoS attributes with organizational constraints
  • Develops frameworks and reference architectures for enterprise solutions
  • Leads initiatives to enhance the quality and reliability of enterprise systems

Component-Based Architecture

Designs systems as assemblies of modular, reusable components. Involves understanding component-based design principles, working with component libraries and frameworks, developing simple components, designing modular interfaces, implementing composition strategies, optimizing for maintainability, developing enterprise strategies, establishing standards, and leading reuse initiatives.

  • Understands component-based design principles and benefits
  • Familiar with component libraries and frameworks
  • Can develop simple components following established patterns
  • Designs modular, reusable components with well-defined interfaces
  • Implements component composition strategies for complex systems
  • Optimises components for maintainability and testability
  • Develops enterprise component strategies and governance models
  • Establishes component design standards and best practices
  • Leads initiatives to enhance component reuse and maintainability

Vulnerability & Patch Management

Identifies, assesses, and remediates security vulnerabilities across systems and infrastructure. Involves understanding vulnerability concepts, using scanning tools, applying security updates, implementing automated processes, triaging vulnerabilities by risk, monitoring compliance, developing enterprise strategies, establishing governance frameworks, and leading maturity initiatives.

  • Understands basic vulnerability concepts and patching processes
  • Can use vulnerability scanning tools under supervision
  • Applies security updates following established procedures
  • Implements vulnerability scanning and patch management processes
  • Triages and remediates vulnerabilities based on risk
  • Automates patch deployment and monitors compliance
  • Develops enterprise vulnerability management strategies
  • Establishes automated patching frameworks and governance
  • Leads vulnerability and patch management maturity initiatives

Configuration Management

Deploys and maintains infrastructure and applications in consistent, secure, and compliant states. Involves understanding configuration concepts, applying changes using automation tools, following established procedures, implementing management processes, verifying compliance, automating remediation, developing strategies and standards, establishing replacement processes, and leading improvement initiatives.

  • Understands configuration management concepts and tools
  • Can apply basic configuration changes using automation tools
  • Follows established configuration procedures
  • Implements configuration management tools and processes
  • Regularly verifies configuration compliance
  • Automates remediation of non-compliant configurations
  • Develops configuration management strategies and standards
  • Establishes processes for rapid replacement of non-compliant systems
  • Leads configuration management improvement initiatives

High Performance Computing

Provisions, configures, and securely manages high-performance computing resources and specialized hardware accelerators. Involves understanding HPC concepts, configuring access to shared resources, working with job scheduling systems, implementing secure management practices, integrating with university infrastructure, ensuring user and data segregation, developing infrastructure strategies, establishing governance frameworks, and leading capability enhancement initiatives.

  • Understands basic concepts of HPC, GPU computing, and cluster architectures
  • Can configure access to shared compute resources following established procedures
  • Familiar with job scheduling systems and resource allocation concepts
  • Implements secure management of advanced compute resources and accelerators
  • Integrates with existing university HPC infrastructure and capacity
  • Ensures proper segregation of users and data in shared computing environments
  • Develops strategies for advanced computing infrastructure and capacity planning
  • Establishes governance for secure multi-tenant HPC resource usage
  • Leads initiatives to enhance computing capabilities and optimize resource utilization