Senior/Lead Cybersecurity Engineer

What the role is: GovTech is the lead agency driving Singapore's Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government's capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity. At GovTech, we offer you a purposeful career to make lives better where we empower our people to master their craft through robust learning and development opportunities all year round. Play a part in Singapore's vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today Learn more about GovTech at tech.gov.sg. Who we are: Part of Government Digital Transformation (GDT), Alliance for Digital Transformation (ADX)'s mission is to empower government agencies in its digital transformation journey through technology and engineering. ADX functions as a cap‐center that offers consulting services in product management, design and software development to government agencies. By doing so, ADX builds up the digital competency of its partners on a sustainable basis and a vibrant ecosystem of exchange among the ADX program members. Responsibilities: The Cybersecurity Lead is responsible for strategizing and technical/technological implementation of security design/plans and measures across all products, common services, networks, cloud and other systems to ensure that: 1) all products, services, networks, cloud and other systems are secure yet retain speed and usability, 2) has standardized and efficient processed for penetration and stress testing, 3) is able to provide zero trust architecture if desired, and 4) all product teams continually improve on their cybersecurity awareness and skill sets. The Cybersecurity Lead is a senior tech role who is required to possess considerable programming, network security, and system security experience/skills. The job holder will lead and hone all DevSecOps engineers. What you will be working on: 1. All products are secure by respective requirements, yet retain speed and usability: Research and implement latest and most relevant security techniques, frameworks, and technologies. Plan, implement, and sustain systems and processes to incorporate software frameworks/tools into existing CI/CD pipelines with the associated security requirements. Plan, implement, and sustain a penetration / stress testing regime for all products, including desired cybersecurity performance metrics. Lead DevSecOps engineers to be executed said regime (or do so personally). Apprise senior stakeholders of actionable cybersecurity insights. Formulate plan for corrective action to ensure all products become secure (should they be not satisfactorily secure). Directly modify code and educate developers if required. 2. Able to provide zero trust architecture products/hosting/networks if required: Research and be the subject matter expert on zero trust architecture, in the context of various air gapped systems. Devise roadmap for the long-term development of this capability, identify required resources, talents, and bureaucratic dealbreakers. In due time, implement and sustain said roadmap. 3. Product teams embrace and understand cybersecurity by design, and know what takes to CI/CD products that meet various levels of security requirements: Periodically review code/features of each product to identify adverse security trends and to apply corrective re-education and/or action if needed. Influence the developer and product manager training roadmaps through stakeholders to ensure that required cybersecurity competencies are included. Be the standards bearer for DevSecOps engineers, periodically review DevSecOps performance, hone and train if required. What we are looking for: Minimum of 7 years' experience with cybersecurity consultancy or related scope of work Passion in driving for DevSecOps (and/or DevOps) transformation Passion for automation and security best practices Experience with architecting using cloud providers like AWS, GCP, Azure Experience with Source Code Review in an enterprise setting Experience with Penetration Testing in an enterprise setting Experience with DevOps toolset like JIRA, BitBucket, Confluence Experience with Agile methodologies Added advantage if you possess the following: Experience with these security tools in the enterprise setting: Hashicorp Vault, Splunk Enterprise, Tenable, HP Fortify, Sonatype Nexus IQ Experience with security assessments pertaining to government projects Security certifications or qualifications GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe it is key to innovation. Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks. We champion flexible work arrangements (subject to your job role) and trust you to manage your time to deliver your best. Learn more about life inside GovTech at go.gov.sg/GovTechCareers. #J-18808-Ljbffr