Join us as we support Singapore’s vision of building a Smart Nation - a nation of possibilities empowered through info-communications technology and related engineering.
As an associate/a specialist with the Cybersecurity team that is based in the Government Digital Services (GDS), you will perform penetration testing, and vulnerability assessment and source code security review that span across infrastructure, web application, mobile application. You will also provide guidance to security engineers and developers in developing secure applications.
- Conduct Penetration Testing (PT), Vulnerability Assessment (VA) and Source code security review on IT assets
- Support in the documentation of findings, analysis, report preparation and presentation
- Develop customised tools to conduct PT and VA
- Support stakeholders such as security engineers and developers in providing guidance to remediate security risks from security testing and assessments.
- Support stakeholders such as security engineers and developers in providing guidance in design and security controls in application, infrastructure, network, etc.
- Develop Application Security related awareness programme/training/courses to uplift application security capabilities and competencies of GovTech officers
- Familiar with security principles, policies and industry best practices
- Degree in Information Security, Computer Science/Engineering, IT, or equivalent
- Passionate in cybersecurity
- Good understanding of web application, system and infrastructure architecture
- Good communication & presentation skills
- Collaborative and team player, self-motivated, creative and versatile
Added Advantage If You Possess The Following
- Penetration testing-specific certifications such as GPEN, CREST, OSCP is an advantage
- At least 1-year hands-on experience performing PT/VA
- Public disclosure of vulnerabilities or relevant awards/participations from Capture-The-Flags (CTF) competitions
- Experience using tools such as Nexpose/Nessus, BurpSuite, Metasploit, etc.
- Experience in security risk assessments on application, infrastructure, network, etc.