Cybersecurity Consultant, Chief Information Officer Office

Overview
Cybersecurity Consultant, Chief Information Officer Office
What the Role Is
The Consultant serves as a pivotal player in building, maintaining, and improving our automated infrastructure and securing software delivery pipelines. You\'ll work hands-on to design, implement, and optimize CI/CD processes, ensuring seamless integration of development, operations, and security practices throughout the entire software lifecycle. Your responsibilities will include automating deployments, managing cloud resources, troubleshooting system issues, and proactively identifying and mitigating security vulnerabilities within our applications and infrastructure.
Responsibilities
Automation Champion: Design, implement, and maintain automation scripts and tools to streamline security processes and improve efficiency.
Security Integration: Integrate security tools and practices seamlessly into the CI/CD pipeline, including static and dynamic application security testing (SAST/DAST), vulnerability scanning, and security configuration management.
Infrastructure as Code (IaC) Security: Implement security best practices within our IaC frameworks (e.g., Terraform, CloudFormation) to ensure secure infrastructure deployment and management.
Cloud Security: Architect and implement security controls and best practices within cloud environments (e.g., AWS, Azure, GCP), ensuring compliance and protecting sensitive data.
Threat Modelling and Risk Assessment: Participate in threat modelling exercises and conduct security risk assessments to identify and mitigate potential vulnerabilities.
Incident Response: Participate in security incident response activities, providing technical expertise and contributing to post-incident analysis.
Monitoring and Logging: Implement and maintain operation and security monitoring, and logging solutions to detect and respond to operation and security events.
Collaboration and Communication: Work closely with development, operations, and security teams to foster a security-conscious culture and provide guidance on secure development practices.
Compliance and Governance: Assist in ensuring compliance with relevant security standards and regulations.
Continuous Improvement: Stay up-to-date with the latest security trends, technologies, and best practices, and proactively recommend and implement improvements to streamline the automation and improve the security posture.
Requirements
Diploma or degree in Cyber/Info Security, Computer Science/Engineering or any relevant qualifications.
Professional certifications in cloud technologies, automation and software development or equivalent is an advantage
A collaborative team player with a positive attitude who excels working together or independently with minimal supervision
An engineer at heart with a passion in the work he does and willingness to learn, share and mentor peers
Strong understanding of infrastructure design and security for cloud and on-premise technologies, software development lifecycles (SDLC) and agile methodologies.
Experience in developing automation pipelines and integrating security tools into them (e.g., GitLab, Jenkins, Ansible, Azure DevOps).
Experience in integrating security testing tools (eg. SAST, DAST, SCA, vulnerability scanners).
Experience with Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation) and implementing security within IaC.
Familiar with containerization technologies (e.g., Docker, Kubernetes) and their security implications
Strong scripting and automation skills (e.g., Python, Go, Bash, PowerShell).
Excellent problem-solving, analytical, and communication skills.
Experience with threat modelling methodologies.
Knowledge of security frameworks and standards (e.g., NIST CSF, OWASP).
Experience with security incident response processes.
Knowledge and understanding of Government cloud environments is an advantage
Note: CSA will be shifting to Punggol Digital District (PDD) in year 2026.
#J-18808-Ljbffr