Senior/ Cybersecurity Engineer (Managed Agencies)

[What the role is]

[What the role is]
GovTech is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.
At GovTech, we offer you a purposeful career to make lives better where we empower our people to master their craft through robust learning and development opportunities all year round.
Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today!
Learn more about GovTech at tech.gov.sg.

[What you will be working on]

GovTech Government Digital Transformation (GDT) team is hiring for Cybersecurity Engineer who is familiar with security architectures, testing and assessment of ICT systems operating in on-premises and cloud platforms. The specialist is required to have technical expertise across multiple verticals and technologies to perform security operations, risk assessment and security architecture review, including the development of actionable measures to be applied.

[What you will be working on]

Emplaced in public agencies, you will collaborate with stakeholders (including GovTech HQ teams, CISOs, agency project teams, and outsourced vendors) and will be responsible for:

• Assisting in the development of agency-specific security specifications and reviewing and providing consultancy on the project-specific infrastructure and application systems security architectures and designs to ensure compliance with prevailing ICT security policies, standards, and guidelines.
• Ensuring the implementations are in accordance with the reference security design architecture framework and standards, and recommend enhancements for the identified design gaps.
• Supporting agencies’ business initiatives through risk management, including performing security risk assessments, and recommending risk treatment and ensure mitigation measures are applied.
• Participating in scoping and facilitating security tests and audits, and reviewing their results to ensure security assurance is achieved before the system is commissioned.
• Managing agencies’ security operations and supporting the CISO in addressing cybersecurity incidents.
• Collating agencies’ security scorecards and other performance metrics, and providing insights in the reports to management.
• Staying updated on current and emerging security technologies for cloud and on-premises platforms, as well as tracking the evolving threat landscape, including threat actors and attack methodologies to support agencies’ gap analysis and threat management.  

[What we are looking for]

• Degree in Computer Science, Computer or Electronics Engineering or Information Technology or related disciplines.
• Minimum 3 years of IT security experience in IT security consultancy and security operations, including management, deployment, and maintenance of security for ICT systems.
• Knowledge and experience in ICT security risk management methodologies and evaluation techniques.
• Ability to effectively communicate cybersecurity risks, mitigation measures, and residual risks to stakeholders.
• Knowledge of cloud and on-premises security technologies, such as SIEM, Log Management and Analysis Tools, firewall, cryptography, vulnerability scanning tools, endpoint security, identity and access management, as well as frameworks like the MITRE ATT&CK framework, and security domains including data security, network security, cloud security, and application security.
• Knowledge of system security architecture concepts, including network topology, protocols, components, and principles (e.g., application of Defence in Depth), and industry security standards such as NIST, ISO/IEC 27001/2, and the ability to specify where and how security controls should be applied to or engineered into the security design.
• Familiarity with application security tools for testing, such as vulnerability assessment, penetration testing (VA/PT), source code reviews, and static/dynamic application security tests, as well as concepts of waterfall and agile application development methodologies, and DevSecOps concepts.
• Knowledge and experience in providing ICT security consultancy and/or audit services would be advantageous.
• Team player with good interpersonal skills.
• Possess good written, verbal, and presentation skills.
• Possess CISSP and/or CISA certification. Having SSCP, GDSA, Cloud Security, or related certifications would be advantageous.
• Singapore Citizen only.

GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe it is key to innovation. 

Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks.

  

We champion flexible work arrangements (subject to your job role) and trust you to manage your time to deliver your best.

Learn more about life inside GovTech at go.gov.sg/GovTechCareers.

[What we are looking for]