Senior Cybersecurity Engineer (MSF CISO Office)

Government Technology Agency-posted 2 months ago
Non, OK
1,001-5,000 employees
Professional, Scientific, and Technical Services
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The Government Technology Agency (GovTech) aims to transform the delivery of Government digital services and products by taking an 'outside-in' view, putting citizens and businesses at the heart of everything we do. We also develop the Smart Nation infrastructure and applications and facilitate collaboration with citizens and businesses to co-develop technologies. Join us as we support Singapore's vision of building a Smart Nation - a nation of possibilities empowered through info-communications technology and related engineering. Do you want to apply your skills, knowledge and energy to implement cutting-edge infocomm technology and digital solutions that will change the lives of Singaporeans and the public? In GovTech, you can! The Cyber Security Group (CSG) is the cybersecurity arm of GovTech. CSG is committed to create a digital government that is safe and secure. CSG delivers technical and operational capabilities to counteract cyber threats, provides thought leadership on transformative cybersecurity governance and policies and to strengthen the cybersecurity posture of government agencies in a manner that is sustainable, pragmatic, and effective. We are looking for a Cybersecurity Engineer to be forward deployed to our managed agencies. This specialist is required to have technical expertise across multiple verticals and technologies to perform security threat modelling, risk assessment and security architecture review, including security testing.

  • Perform threat modelling and security risk assessments for large projects or systems.
  • Conduct vulnerability assessment/penetration testing for different technologies such as web application, infrastructure and cloud services.
  • Review external security assessor security testing scope and result to ensure sufficient coverage and test cases been performed.
  • Review DevSecOps security testing coverage and reports to ensure secure releases to production environments.
  • Familiar with cloud and infrastructure technologies to perform review security configurations.
  • Ensure that key security requirements are defined and designed into the systems, implemented in accordance with security by design.
  • Support business initiatives through risk management, which involves performing security risk assessment to identify and analyse security risks, recommending risk treatment and mitigation measures, and assess residual risks.
  • Develop and review project specific security specifications and ensure alignment to assessed security risks, security requirements, prevailing ICT security policies and standards.
  • Review security architectures, designs and implementations to ensure compliance with prevailing ICT security policies and standards. Identify design gaps and recommend security enhancements.
  • Involve in designing artefacts (spanning design, development, and implementation) into enterprise systems that are aligned to security principles and overall Enterprise System Architecture.
  • Stay abreast of current and emerging security technologies for cloud and on-premises, as well as the associated security threats and risks. Design security architecture and control measures to mitigate the relevant threats and risks.
  • Align security architecture frameworks and standards with business strategies and functions.
  • Partner with Chief Information Security Officers, stakeholders, project teams, and outsourced vendors to ensure security objectives are achieved.
  • Manage stakeholder relationships to ensure that cybersecurity services delivered meet their expectations.
  • Degree in Computer Science, Computer or Electronics Engineering or Information Technology or related disciplines.
  • Minimum 8 years of IT security experience in areas such as IT security consultancy and/or security testing.
  • Knowledge and experience in ICT security risk management methodologies and risk evaluation techniques.
  • Able to articulate cybersecurity risks, mitigation measures and residual risks orally and in writing to stakeholders, in an easily understood and actionable manner.
  • Familiar with scripting language, for example, Perl, Python, VBscript, Javascript or Powershell, Ruby.
  • Knowledge of security technologies (such as Nexpose/Nessus, BurpSuite, Metasploit, firewall, cryptography, identity and access management), and frameworks (such as MITRE ATT&CK framework), and security domains (such as network security, cloud security and application security).
  • Knowledge of system security architecture concepts including network topology, protocols, components and principles (e.g. application of Defence in Depth), and able to specify where and how security controls should be applied to or engineered into the security design.
  • Knowledge and experience in the provision of ICT security consultancy services would be advantageous.
  • Being a team player with good interpersonal skills.
  • Good written, verbal and presentation skills.
  • CREST, OSCP, GPEN and CISSP certification. Having SSCP, AWS Security, or related certifications would be of added advantage.
  • Able to work and communicate with all levels from senior management level to working level.
  • Singapore Citizen only
  • Flexible work arrangements
  • Holistic and market-competitive suite of perks
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Cybersecurity Engineer Resume Examples
Cybersecurity Engineer Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service