Security Architect

Location: Singapore, Singapore

Thales people architect identity management and data protection solutions at the heart of digital security. Business and governments rely on us to bring trust to the billons of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure.

Thales established its presence in Singapore in 1973 to support the expansion of aerospace-related activities in the Asia-Pacific region. Throughout the last four decades, the company grew from strength to strength and is today involved in the primary businesses of Aerospace (including Air Traffic Management), Defence & Security, Ground Transportation and Digital Identity & Security. Thales today employs over 2,100 people in Singapore across all its business areas.

We deliver identity and biometric solutions to customers worldwide especially for public sector in APAC regions. Depending on the scale and requirements of each project, activities can range from pre-sales support, requirement gathering, solution design, development, validation, deployment, integration to support & maintenance.

We sometimes work at customer site to integrate and test several software components, to ensure success customer acceptance and smooth go-live. We also work closely with customer to get detailed requirements, perform customer acceptance, demo, training, etc.

Together, we grow through several challenging projects each year, internal knowledge sharing, job rotation, on-the-job training and self-study.

As a Security Architect for the Singapore Delivery Center, you will lead security activities and topics including interpretation of security requirements, design and implementation of corresponding system security architecture, assessing the risk from deviation as well as support security acceptance test in local and customer environments.

**Responsibilities**:

- Interface with customer for meetings, gathering requirement/feedback.
- Work closely with the Solution Architect to provide system security architecture, deployment architecture and security concern/risk of component and solution level.
- Provide workload estimation for security activity of each task, component and solution level.
- Analyze security requirement and write corresponding security requirement specification.
- Conduct security assessment and mitigation plan for vulnerabilities/risks from deviations and non-compliances.
- Write security test plan and security test specification corresponding to tender, project timeline, software requirement specification, interface control document, etc.
- Propose and set up security tools that to be used in the project.
- Perform security test, security scan/check, analyze scanned result and provide solution, workaround and mitigation plan.
- Conduct and support security acceptance tests.
- Prepare security acceptance test reports.
- Write software security guidelines that shall be applied in the project and Singapore Delivery Center.
- Conduct security knowledge sharing with engineering team.
- Support, investigate and propose solution/workaround for security issue.
- Coordinate with teams and stakeholders globally to gain knowledge and support technical analysis on security related topics.
- Support pre-sales by technical feasibility study, customize the product for POC demo, etc.

**Knowledge, Skills and Experience**:

- At least **6 years **’ working experience in designing, implementing and testing system security architecture of similar scale; or
- At least 2 years’ working experience in designing, implementing and testing system security architecture of similar scale - plus having attained at least one (1) of the following:

- Information Security Master’s degree from U.S. National Centres of Academic Excellence in Cyber Defence (NSA/DHS CAE) or those certified by U.K. National Cyber Security Centre (GCHQ’s NCSC);
- CREST Registered Technical Security Architect (CRTSA); or
- Information Systems Security Architecture Professional (CISSP-ISSAP).
- Ability to explain to stakeholders from various technical background
- Team player
- It is a plus if you have experience and understanding of
- Customer facing
- Penetration test
- High availability (HA) deployment architecture
- Technology : Java, Bash script (Linux), Jenkins
- Test tools : JUnit, JMeter, SOAP UI, Postman, AngularJS
- Enterprise tools : JIRA, confluence, etc.
- Government or public sector related projects
- Able to commit short/medium duration worldwide business trips as required by project
- Due to government project requirements, Singapore citizenship is highly preferred.