Lead Cybersecurity Engineer
Apply on
[1 year contract, renewable]
Only Singaporeans
The Government Technology Agency (GovTech) is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.
Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today!
Who we are:
The Alliance for Digital Transformation (ADX) program office’s mission is to empower government agencies in its digital transformation journey through technology and engineering.
The ADX program office functions as a cap-center that offers consulting services in product management, design and software development to government agencies. By doing so, ADX builds up the digital competency of its partners on a sustainable basis and a vibrant ecosystem of exchange among the ADX program members.
The Cybersecurity Lead, is responsible for the strategizing and technical/technological implementation of security design/plans and measures across all products, common services, networks, cloud and other systems to ensure that 1) all products, services, networks, cloud and other systems are secure yet retain speed and usability, 2) has standardized and efficient processed for penetration and stress testing, 3) is able to provide zero trust architecture if desired, and 4) all product teams continually improve on their cybersecurity awareness and skill sets.
The Cybersecurity Lead is a senior tech role who is required to possess considerable programming, network security, and system security experience/skills. The jobholder will lead and hone all DevSecOps engineers.
What you will be working on:
1. All products are secure by respective requirements, yet retain speed and usability:
- Research and implement latest and most relevant security techniques, frameworks, and technologies.
- Plan, implement, and sustain systems and processes to incorporate software frameworks/tools into existing CI/CD pipelines with the associated security requirements.
- Plan, implement, and sustain a penetration / stress testing regime for all products, including desired cybersecurity performance metrics. Lead DevSecOps engineers to be executed said regime (or do so personally).
- Apprise senior stakeholders of actionable cybersecurity insights.
- Formulate plan for corrective action to ensure all products become secure (should they be not satisfactorily secure). Directly modify code and educate developers if required.
2. Able to provide zero trust architecture products/hosting/networks if required:
- Research and be the subject matter expert on zero trust architecture, in the context of various air gapped systems.
- Devise roadmap for the long-term development of this capability, identify required resources, talents, and bureaucratic dealbreakers.
- In due time, implement and sustain said roadmap.
3. Product teams embrace and understand cybersecurity by design, and know what takes to CI/CD products that meet various levels of security requirements:
- Periodically review code/features of each product to identify adverse security trends and to apply corrective re-education and/or action if needed.
- Influence the developer and product manager training roadmaps through stakeholders to ensure that required cybersecurity competencies are included.
- Be the standards bearer for DevSecOps engineers, periodically review DevSecOps performance, hone and train if required.
What we are looking for:
- Minimum of 7 years’ experience with cybersecurity consultancy or related scope of work
- Passion in driving for DevSecOps (and/or DevOps) transformation
- Passion for automation and security best practices
- Experience with architecting using cloud providers like AWS, GCP, Azure
- Experience with Source Code Review in an enterprise setting
- Experience with Penetration Testing in an enterprise setting
- Experience with DevOps toolset like JIRA, BitBucket, Confluence
- Experience with Agile methodologies
Added advantage if you possess the following:
- Experience with these security tools in the enterprise setting: Hashicorp Vault, Splunk Enterprise, Tenable, HP Fortify, Sonatype Nexus IQ
- Experience with security assessments pertaining to government projects
- Security certifications or qualifications