Lead/Senior Cybersecurity Operations Specialist (Security Services)

Senior/CybersecurityOperations Specialist (Security Services)

Job Description & Requirements

The client is a leading agency driving their clients initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), the client develops the client's capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.
The client offers the successful candidate a purposeful career to make livesbetter where they empower the people to master their craft through robust learning and development opportunities all year round.

The Cyber Security Group is the cybersecurity arm of our client. CSG is committed to create a digital government that is safe and secure. CSG delivers technical and operational capabilities to counteract cyber threats, provides thought leadership on transformative cybersecurity governance and policies and to strengthen the cybersecurity posture of government agencies in a manner that is sustainable, pragmatic, and effective.

To enhance infocomm security capabilities client, it appoints Chief Information Security Officer (CISO) teams at the various ministries to oversee infocomm security management.

As the Security Services Specialist within the firm, you will be the domain expert responsible for elevating the security testing and'Secure-by-Design capabilities across the entire firm. You willbridge the gap between high-level governance and technical implementation, ensuring that all agencies under the firm's purview adopt consistent, high-quality security practices. Your role is pivotal in shifting the firm from a reactive security posture to a proactive, resilient one.

Key Responsibilities

Security Testing Governance &Standardisation

. Establish Standards: Define and maintain the Ministry-wideframework for security testing (Vulnerability Assessment and Penetration Testing - VAPT).

. SOP Development: Create and roll out Standard OperatingProcedures (SOPs) to guide Agency project teams on engaging external security vendors and managing internal testing cycles.

. Quality Assurance: Develop Quality Rubrics to helpagencies evaluate the performance of pen-testers. You will conduct periodic sampling of testing reports and project involvements to ensure quality and rigour across the firm.

Advanced Technical Operations

. Red Teaming & Critical Testing: Lead and execute complex RedTeaming exercises and deep-dive penetration tests on the client's high-impact systems.

. Adversary Simulation: Utilise knowledge of the latest AdversaryTactics, Techniques, and Procedures (TTPs) to simulate real-world attacks, helping agencies identify blind spots in their prevention, detection and response capabilities.

. Environmental Scanning: Proactively monitor the global threatlandscape to identify emerging threats and evolving actor TTPs. Assess how these changes impact the firm's current security posture and update testing standards accordingly.

Secure-by-Design & Source CodeExcellence

. Secure Coding Standards: Establish Ministry-wide secure codingguidelines (e.g., based on OWASP, SANS) to ensure developers build security into the application layer from day one.

. Source Code Analysis: Lead the strategy for Static ApplicationSecurity Testing (SAST) and Software Composition Analysis (SCA). You will evaluate tools that automate the detection of vulnerabilities in source code and third-party libraries.

. CI/CD Integration: Evaluate, recommend, and provide guidance onintegrating security tools into the agencies DevOps pipelines (DevSecOps).

. Code Quality Oversight: Review and recommend systems that help to boost code quality, ensuring that security is treated as a core component of clean code.

. Technology Foresight: Stay abreast of technology changes (e.g.,Cloud-native security, AI-driven development) and recommendsystems/technologies that enhance code quality and resilience.

Stakeholder Engagement & Advocacy

. Consultative Leadership: Act as a trusted advisor to AgencyCIOs, ACISOs, and Project Owners to educate them and inculcate a culture of secure-by-design.

. Community of Practice: Establish a platform for knowledge sharing among security practitioners within the firm to harmonise security testing efforts.

Experience

. Years of Experience: 8 to 10 years of deep technical experience in Cybersecurity, with a strong focus on offensive security and application security.

. Domain Expertise: Proven track record in conducting penetrationtests for Web Applications, IT Systems (on-premises and cloud environments and complex Network architectures.

. Code Review Mastery: Experience in performing manual andautomated source code reviews to identify logic flaws, injectionvulnerabilities, and cryptographic weaknesses.

Technical Skills

. Secure Development: Deep understanding of secure softwaredevelopment lifecycles (SSDLC) and the ability to read/analyze common programming languages (e.g., Java, Python, .NET, JavaScript).

. Source Code Analysis Tools: Proficiency with enterprise-gradeSAST, DAST, SCA and VAPT tools (e.g., Checkmarx, Fortify, SonarQube, Snyk, Burp Suite).

. Offensive Security: Proficiency in manual and automated testingtools deep understanding of the MITRE ATT&CK framework and common TTPs.

. Cloud & DevOps: Experience with Government Commercial Cloud(GCC) environments and practical knowledge of Jenkins, GitLab CI, or GitHub Actions.

. Certifications: Professional certifications such as OSCP, OSWE(Offensive Security Web Expert), CASE (Certified Application SecurityEngineer), or GWEB are highly desirable.

Soft Skills

. Influence & Diplomacy: Ability to communicate complex technical risks to non-technical stakeholders (CIOs/Project Owners) and influence change without direct reporting lines.

. Analytical Mindset: Ability to spot patterns in bad'testing jobs or recurring code vulnerabilities and provide constructive feedback to improve agency-level performance.

. Intellectual Curiosity: A strong commitment to continuous learning and keeping pace with the rapidly evolving cyber threat landscape.

Other Requirements

. This role is open to Singaporeans Only

We are an equal opportunity employer and value diversity at our company as we believe that diversity is meaningful to innovation. Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks. This includes generous leave benefits to meet your work-life needs. We trust that you will get the job done wherever you are, and whatever works best for you - so work from home or take a break to exercise if you need to.. We also believe it's important for you to keep honing your craft in the constantly-evolving tech landscape, so we provide and support a plethora of in-house and external learning and development opportunities all year round.

Subject to the nature of your job role that might require you to be onsite during fixed hours.