Senior/ Cybersecurity Engineer

What the role is
GovTech is the lead agency driving Singapore's Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government's capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity. GovTech offers opportunities for a purposeful career with continuous learning and development to help you master your craft. Join us to advance Singapore's vision to build a Smart Nation and shape your future with tech for public good.
Learn more about GovTech at
What you will be working on
GovTech Government Digital Transformation (GDT) team is hiring for
Cybersecurity Engineer
who is familiar with security architectures, testing and assessment of ICT systems operating in on-premises and cloud platforms. The specialist is expected to have technical expertise across multiple verticals and technologies to perform security operations, risk assessment and security architecture review, including developing actionable measures to be applied.
(What you will be working on)
Emplaced in public agencies, you will collaborate with stakeholders (including GovTech HQ teams, CISOs, agency project teams, and outsourced vendors) and will be responsible for:
Assisting in the development of agency-specific security specifications and reviewing and providing consultancy on the project-specific infrastructure and application systems security architectures and designs to ensure compliance with prevailing ICT security policies, standards, and guidelines.
Ensuring implementations are in accordance with the reference security design architecture framework and standards, and recommending enhancements for identified design gaps.
Supporting agencies' business initiatives through risk management, including performing security risk assessments, and recommending risk treatment and ensuring mitigation measures are applied.
Participating in scoping and facilitating security tests and audits, and reviewing their results to ensure security assurance is achieved before the system is commissioned.
Managing agencies' security operations and supporting the CISO in addressing cybersecurity incidents.
Collating agencies' security scorecards and other performance metrics, and providing insights in the reports to management.
Staying updated on current and emerging security technologies for cloud and on-premises platforms, as well as tracking the evolving threat landscape, including threat actors and attack methodologies to support agencies' gap analysis and threat management.
What we are looking for
Degree in Computer Science, Computer or Electronics Engineering or Information Technology or related disciplines.
Minimum 3 years of IT security experience in IT security consultancy and security operations, including management, deployment, and maintenance of security for ICT systems.
Knowledge and experience in ICT security risk management methodologies and evaluation techniques.
Ability to effectively communicate cybersecurity risks, mitigation measures, and residual risks to stakeholders.
Knowledge of cloud and on-premises security technologies, such as SIEM, Log Management and Analysis Tools, firewall, cryptography, vulnerability scanning tools, endpoint security, identity and access management, as well as frameworks like the MITRE ATT&CK framework, and security domains including data security, network security, cloud security, and application security.
Knowledge of system security architecture concepts, including network topology, protocols, components, and principles (e.g., Defence in Depth), and industry security standards such as NIST, ISO/IEC 27001/2, and the ability to specify where and how security controls should be applied to or engineered into the security design.
Familiarity with application security tools for testing, such as vulnerability assessment, penetration testing (VA/PT), source code reviews, and static/dynamic application security tests, as well as concepts of waterfall and agile application development methodologies, and DevSecOps concepts.
Knowledge and experience in providing ICT security consultancy and/or audit services would be advantageous.
Team player with good interpersonal skills.
Possess good written, verbal, and presentation skills.
Possess CISSP and/or CISA certification. Having SSCP, GDSA, Cloud Security, or related certifications would be advantageous.
Singapore Citizen only.
GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe it is key to innovation.
Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks.
We champion flexible work arrangements (subject to your job role) and trust you to manage your time to deliver your best.
Learn more about life inside GovTech at
About Government Technology Agency
The Government Technology Agency (GovTech) is the lead agency driving Singapore's Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government's capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity. GovTech offers a purposeful career to make lives better, with continuous learning and development opportunities. GovTech aims to transform the delivery of Government digital services by putting citizens and businesses at the heart of everything we do. Learn more about GovTech at
#J-18808-Ljbffr