Highly motivated and results-oriented Cybersecurity Engineer with 2 years of experience in ICT cybersecurity, risk management, and governance. Proven ability to conduct comprehensive security assessments, manage security systems, and ensure compliance with industry best practices and government standards. Expertise in TrendMicro solutions and GovTech cybersecurity frameworks, with a strong track record of enhancing threat detection, reducing vulnerabilities, and strengthening overall security posture. Adept at collaborating with internal teams and external vendors to achieve optimal security outcomes.
Key Responsibilities
Security Assessments & Risk Management
- Conducted regular security, risk, and audit assessments of ICT systems with cloud and application teams, ensuring alignment with industry best practices and frameworks (e.g., IM8)
- Provided expert security recommendations and advisory services for system implementations, proactively identifying and mitigating potential risks
Security Operations & Incident Response
- Managed and optimized intrusion detection/prevention systems and security monitoring tools, significantly enhancing threat detection capabilities
- Monitored and responded to security incidents, coordinating effective incident response activities and minimizing impact
- Enforced security policies, standards, and best practices across the organization, fostering a strong security-aware culture
- Maintained comprehensive security documentation and generated detailed reports for management and compliance purposes
TrendMicro & GovTech Cybersecurity Specialization
- Collaborated effectively with the TrendMicro Managed Security Operations Centre (SOC) team to investigate and resolve escalated security tickets, ensuring rapid threat mitigation
- Coordinated the onboarding and offboarding of TrendMicro SOCAAS with ITD, ensuring seamless service integration
- Monitored and ensured optimal performance of the TrendMicro CloudOne suite, including Conformity, Application Security, Network Security, Endpoint Protection, and TippingPoint Intrusion Prevention System
- Served as the primary liaison for TrendMicro vendor management, overseeing vendor communications and activities to ensure successful project delivery
- Oversaw TrendMicro project implementations, tracking timelines, milestones, and deliverables to guarantee on-time completion
- Monitored vendor performance against Service Level Agreements (SLAs), conducted review meetings, and proactively escalated issues to ensure service quality
- Executed acceptance testing and quality assurance for TrendMicro vendor deliverables, validating adherence to requirements
Assist ACISO in Daily Operations
- Managed and supported the GovTech Vulnerability Management System, contributing to systematic vulnerability reduction
- Supported the GovTech GCSOC/SOAR platform, enhancing security incident response and automation capabilities
- Utilized and supported the GovTech ABLR and CloudScape tools for enhanced security monitoring and governance
- Conducted monthly security log reviews and annual EPP and firewall rules reviews, ensuring continuous security posture optimization
- Reviewed Security Testing Reports (VAPT, VA, SCR), providing actionable insights for remediation
- Provided security advisories for architecture design, embedding security best practices from outset
- Actively participated in security incident response and handling, contributing to efficient and effective resolution
Outcomes
- Maintained security compliance with government standards and policies
- Enhanced threat detection and response capabilities
- Reduced vulnerabilities through systematic vulnerability management and timely remediation
- Strengthened security posture through regular assessments, reviews, and continuous improvement
- Efficient security incident management with documented response procedures
- Improved vendor accountability through structured project and performance management
- Increased security awareness across the agency
Essential Competencies
- Analytical & Problem-Solving Prowess: Demonstrated ability to dissect complex security challenges, identify root causes, and develop effective data-driven solutions with meticulous attention to detail and accuracy
- Effective Communication & Collaboration: Ability to articulate and persuade technical security concepts to diverse audiences including development teams, business stakeholders, and management proven ability to foster strong working relationships
- Independent Work Ethic & Adaptability: Proven capacity to manage multiple responsibilities autonomously while adapting to evolving security landscapes and organizational needs
- Process & Documentation Expertise: Solid understanding of change management principles and commitment to maintaining comprehensive and accurate security documentation
Preferred Technical Qualifications
- Educational & Professional Foundation: Relevant qualifications in cybersecurity, information technology, or related fields, complemented by professional certifications such as CISSP, CISM, CEH, or equivalent security credentials
- Technical Security Expertise: In-depth technical knowledge of network security, endpoint protection, encryption technologies, and strong command of security monitoring tools
- Frameworks & Standards Proficiency: Familiarity with IM8 and demonstrated experience ensuring alignment with Singapores national cybersecurity directives experience with ISO 27001, NIST Cybersecurity Framework, or similar governance models
Additional Competencies
- Hands-on Security Tool Experience: Practical experience with SIEM systems, vulnerability scanners, firewalls, and intrusion detection systems
- Risk Management & Compliance Acumen: Understanding of regulatory requirements and compliance standards with experience in risk management methodologies and security audit processes
- Incident Response & Analytical Skills: Proven ability to perform under pressure during security incidents supported by strong analytical and problem-solving capabilities
- Communication & Confidentiality: Excellent communication skills for liaison with technical teams, management, and external stakeholders with demonstrated ability to maintain strict confidentiality of sensitive security information
