Cybersecurity Engineer (MSF CISO Office)
Non-Headquarters MSF, Singapore
The Singapore Public Service
Discover a career in the Singapore Public Service that is as rewarding as it is purposeful.
[What the role is]
The Government Technology Agency (GovTech) aims to transform the delivery of Government digital services and products by taking an "outside-in" view, putting citizens and businesses at the heart of everything we do. We also develop the Smart Nation infrastructure and applications and facilitate collaboration with citizens and businesses to co-develop technologies. Join us as we support Singapore’s vision of building a Smart Nation - a nation of possibilities empowered through info-communications technology and related engineering.
Do you want to apply your skills, knowledge and energy to implement cutting-edge infocomm technology and digital solutions that will change the lives of Singaporeans and the public? In GovTech, you can!
The Cyber Security Group (CSG) is the cybersecurity arm of GovTech. CSG is committed to creating a digital government that is safe and secure. CSG delivers technical and operational capabilities to counteract cyber threats, provides thought leadership on transformative cybersecurity governance and policies, and strengthens the cybersecurity posture of government agencies in a manner that is sustainable, pragmatic, and effective.
We are looking for a Cybersecurity Engineer to be forward deployed to our managed agencies. This specialist is required to have technical expertise across multiple verticals and technologies to perform security threat modelling, risk assessment and security architecture review, including security testing.
[What you will be working on]
Perform threat modelling and security risk assessments for large projects or systems.
Conduct vulnerability assessment/penetration testing for different technologies such as web application, infrastructure and cloud services.
Review external security assessors' security testing scope and results to ensure that coverage is sufficient and that the test cases have been performed.
Review DevSecOps security testing coverage and reports to ensure secure releases to production environments.
Be familiar with cloud and infrastructure technologies in order to review security configurations.
Ensure that key security requirements are defined and designed into the systems, implemented in accordance with security by design.
Support business initiatives through risk management, which involves performing security risk assessments to identify and analyse security risks, recommending risk treatment and mitigation measures, and assessing residual risks.
Develop and review project specific security specifications and ensure alignment to assessed security risks, security requirements, prevailing ICT security policies and standards.
Review security architectures, designs and implementations to ensure compliance with prevailing ICT security policies and standards. Identify design gaps and recommend security enhancements.
Be involved in designing artefacts (spanning design, development, and implementation) into enterprise systems that are aligned to security principles and the overall Enterprise System Architecture.
Stay abreast of current and emerging security technologies for cloud and on-premises, as well as the associated security threats and risks. Design security architecture and control measures to mitigate the relevant threats and risks.
Align security architecture frameworks and standards with business strategies and functions.
Partner with Chief Information Security Officers, stakeholders, project teams, and outsourced vendors to ensure security objectives are achieved.
Manage stakeholder relationships to ensure that cybersecurity services delivered meet their expectations.
[What we are looking for]
Degree in Computer Science, Computer or Electronics Engineering or Information Technology or related disciplines.
Minimum 8 years of IT security experience in areas such as IT security consultancy and/or security testing.
Knowledge and experience in ICT security risk management methodologies and risk evaluation techniques.
Able to articulate cybersecurity risks, mitigation measures and residual risks orally and in writing to stakeholders, in an easily understood and actionable manner.
Familiar with a scripting language, for example Perl, Python, VBScript, JavaScript, PowerShell or Ruby.
Knowledge of security technologies (such as Nexpose/Nessus, BurpSuite, Metasploit, firewall, cryptography, identity and access management), frameworks (such as the MITRE ATT&CK framework), and security domains (such as network security, cloud security and application security).
Knowledge of system security architecture concepts including network topology, protocols, components and principles (e.g. application of Defence in Depth), and able to specify where and how security controls should be applied to or engineered into the security design.
Knowledge and experience in the provision of ICT security consultancy services would be advantageous.
Being a team player with good interpersonal skills.
Good written, verbal and presentation skills.
CREST, OSCP, GPEN and CISSP certification. Having SSCP, AWS Security, or related certifications would be of added advantage.
Able to work and communicate with all levels from senior management level to working level.
Singapore Citizen only
GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe it is key to innovation.
Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks.
We champion flexible work arrangements (subject to your job role) and trust you to manage your time to deliver your best.
Learn more about life inside GovTech at go.gov.sg/GovTechCareers.