IT Security Lead - AMK

5-7 Years
SGD 8,000 - 9,500 per month
  • Posted a day ago

Job Description

COMPANY DESCRIPTION

Beyondsoft (listed on the Shenzhen Stock Exchange, stock code 002649) is a global provider of IT consulting, product and solution services. Relying on strong R&D and innovation capabilities, the company widely adopts emerging technologies based on big data and mobile internet, including a big data management platform, an enterprise risk warning and public opinion monitoring system, AI-based intelligent operation and maintenance services, and intelligent automated test products. It also offers a wide range of products and solutions, including internationally authoritative software testing qualification training, serving the fields of high technology, internet, finance, retail, logistics, energy, manufacturing, and medical.

For more information, please visit www.beyondsoft.com

RESPONSIBILITIES

The IT Security Lead will be responsible for end-to-end security governance, implementation, compliance, and operational security for a mission-critical system operating in a secured environment. This role covers both Day 1 Security (Build / Project Implementation) and Day 2 Security (Operations / Production Support).

Day 1 - Project / Implementation Security

1. Security Architecture & Design

  • Define system security architecture aligned with Singapore Government security policies.
  • Review application, middleware, infrastructure, and platform designs for security compliance.
  • Conduct threat modelling and risk assessments; map risks to mitigating controls.
  • Translate policy requirements into actionable technical controls across the stack.

2. Compliance & Governance

  • Ensure compliance with: IM8 / Government security policies, Whole-of-Government (WOG) security requirements, PDPA (where applicable)
  • Establish and oversee cyber security governance across infrastructure, application, and project teams.
  • Prepare and maintain documentation for: Security Risk Assessment (SRA), Vulnerability Assessment (VA), Penetration Testing (PT), Security hardening baselines and reports

3. Secure Development Oversight

  • Partner with software teams to enforce secure coding standards and DevSecOps practices.
  • Integrate and govern SAST/DAST, dependency/SCA scanning, and container image scanning in CI/CD.
  • Review and triage findings from tools (e.g., SonarQube, SCA, container scanners), drive remediation, and risk acceptance where needed.
  • Provide guidance on API security, token/secret management, and secure service-to-service communication.

4. Security Testing & Certification

  • Plan, coordinate, and manage VA/PT engagements and vendors.
  • Track findings through remediation to closure; document residual risk and risk acceptance.
  • Support all security clearances and go-live certifications.

5. Security Hardening

  • Review and approve: OS and baseline hardening, Middleware hardening, Database security configurations, Kubernetes / container security (RBAC, network policies, admission controls, secrets, image provenance), API gateway / WAF / rate-limiting / mTLS / OAuth2/OIDC configurations

Day 2 - Operations / Production Security

1. Incident Management

  • Lead security incident investigation, containment, and recovery.
  • Perform root cause analysis (RCA) and define corrective/preventive actions.
  • Coordinate with Gov SOC and stakeholders; contribute to and refine playbooks.
  • Provide clear, timely communications to both technical and non-technical audiences.

2. Vulnerability & Patch Management

  • Oversee continuous vulnerability monitoring and posture management.
  • Track patch and configuration compliance across infrastructure, middleware, applications, and containers.
  • Provide risk assessments and compensating controls for deferred patches.

3. Security Monitoring & Audit

  • Review and tune alerts, detections, and dashboards in SIEM and related tools.
  • Ensure monitoring coverage for critical systems and high-value assets.
  • Support internal/external audits and evidence collection; close audit findings.

4. Compliance & Reporting

  • Prepare and present security posture, metrics, and trend reports to management.
  • Maintain risk registers and mitigation plans; ensure up-to-date security documentation.
  • Communicate security assessments and findings effectively to varied stakeholders.

5. Access Control Governance

  • Oversee and periodically review RBAC, MFA, Privileged Access Management (PAM), and joiner/mover/leaver processes.
  • Ensure least privilege, SoD, and periodic access recertifications.

6. Security Operations Contribution

  • Support incident response handling, log analysis, and activity reviews.
  • Drive continuous improvement across the identify, protect, detect, respond, and recover functions.

QUALIFICATIONS

  • Bachelor's Degree in Information Technology, Computer Science, or a related field.
  • At least 5 years as a Security Lead / Security Architect, preferably with experience in public sector IT projects and IM8/government security compliance
  • Hands-on experience with: Kubernetes / Docker security, API security, Identity & Access Management (IAM), Security tools (SAST/DAST/SIEM) and CI/CD-integrated security
  • Experience in Security tools (SAST/DAST/SIEM) and CI/CD-integrated security
  • Strong stakeholder management (Gov agencies, SOC, auditors, vendors, and delivery teams)
  • Ability to translate policy and risk into concrete technical controls and pragmatic delivery
  • Excellent documentation, reporting, and presentation skills
  • Risk-based decision making with clear rationale and traceability
  • Hands-on technical depth; able to deep dive into architecture, code, pipelines, and platforms
  • Clear communicator to both technical and non-technical audiences
  • Having certifications such as CISSP, CISM, CISA, CEH, GIAC (e.g., GSEC, GCIA, GCIH, GCSA) will be an added advantage.
  • AWS or Azure Security certifications

Beyondsoft is committed to being an equal opportunity employer and provides equal employment opportunities to all employees and applicants. We strive to cultivate a workplace that celebrates diversity and inclusion, where individuals of all backgrounds, regardless of nationality, ethnicity, religion, age, gender identity, sexual orientation, or any other distinguishing trait, can succeed and thrive. We prohibit discrimination and harassment of any type with regard to race, color, religion, age, national origin, disability status, genetics, sexual orientation, gender identity, or expression. This policy applies to all terms and conditions of employment, including recruiting, hiring, and the entire employee lifecycle. We are focused on creating an environment where everyone can reach their full potential.

Employment offers from Beyondsoft are contingent upon the successful completion of any required pre-employment processes, in line with applicable laws and regulations. Beyondsoft does not ask for any recruitment fees, nor does it request any unauthorized payments from candidates as part of the hiring process.

Please note that your application will be sent to and reviewed by the direct employer - Beyondsoft International Singapore

Job ID: 143953691