Infrastructure Security Specialist
Singapore, Singapore, Singapore
Assurity Trusted Solutions
Assurity Trusted Solutions empowers your business for the digital economy by securing the trust residents place in online transactions.Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, authentication services, governance and assurance services as well as managed processes. In a dynamic digital and cyber landscape, where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.
Responsibilities:
- Conduct threat modeling across cloud and hybrid infrastructure environments (AWS, Azure, GCP, on-prem, etc.).
- Design and articulate realistic threat risk scenarios based on current architectures and known vulnerabilities.
- Identify and analyze misconfigurations and weak points in various platforms and systems – both cloud-native and legacy.
- Collaborate with engineering, DevOps, and IT teams to validate risks and propose remediations.
- Build or integrate automation tools/scripts to:
- Identify exposed or unused digital assets (e.g., domains, subdomains).
- Clean up and decommission stale or unnecessary infrastructure.
- Contribute to security playbooks, incident response plans, and proactive risk assessment strategies.
Requirements
- Solid understanding of cloud architecture (AWS, Azure, GCP) and hybrid deployments.
- Experience with common IaC and automation tools (Terraform, Ansible, Python, Bash, PowerShell, etc.).
- Hands-on knowledge of security misconfigurations and what they look like across:
- IAM roles and permissions
- Network segmentation / firewall rules
- Storage buckets / Blob storage
- CI/CD pipelines
- Familiarity with asset discovery tools, DNS scanning, domain monitoring, and attack surface management.
- Ability to "think like an attacker" and map technical missteps to real-world attack scenarios.
- Good knowledge in CSA and CIS controls
- Exposure to MITRE ATT&CK, STRIDE, or similar threat modeling frameworks.
- Familiarity with tools like BloodHound, ScoutSuite, Cloudsplaining, etc.
- Past experience in offensive security (e.g., red teaming) or incident response is a big plus.
- Background in compliance frameworks (e.g., SOC2, ISO 27001, NIST) is helpful, but not required.
Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!
The remuneration package will commensurate with your qualifications and experience. Interested applicants, please click "Apply Now".
We thank you for your interest and please note that only shortlisted candidates will be notified.
By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS’s privacy statement which can be found at: https://www.assurity.sg/privacy.html or such other successor site.
Benefits
- A wholly-owned subsidiary of GovTech.
- We promote a learning culture and encourage you to grow and learn.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Ansible Automation AWS Azure Bash CI/CD Cloud Compliance DevOps DNS Firewalls GCP Governance IAM Incident response ISO 27001 MITRE ATT&CK Monitoring NIST Offensive security PowerShell Privacy Python Red team Risk assessment SOC 2 Terraform Vulnerabilities
Perks/benefits: Career development
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.