The Clusters and Technology Management Office (CTMO) is spearheading the adoption of modern application security (AppSec) practices, standards and solutions/tooling to fundamentally secure application software developed by our various application project/product teams.
As a senior AppSec specialist, you will be a key member of our AppSec team responsible for planning and executing our AppSec plan, standardisation of our AppSec practices and solutions, and delivery of AppSec professional services and training to our application teams to uplift their AppSec practices.
As a senior AppSec specialist, you will have the following job scope and responsibilities:
- Study and propose an AppSec roadmap to uplift the way application security is practised today.
- Develop secure application development practices, standards, guidelines and solutions with the aim to standardise and raise the AppSec practices of our application teams.
- Promote the adoption of leading AppSec practices and solutions among agency application teams in line with the current development in the AppSec space.
- Perform AppSec assessment services for selected applications using a combination of threat modelling, vulnerability research, code scanning, application security testing and recommendation of proper remediation actions.
- Develop AppSec related awareness programme/training/courses to uplift AppSec capabilities and competencies of GovTech officers.
- Support other security roles and/or security initiatives/assignments undertaken by CTMO as a senior CTMO officer.
- Degree in Computer/Computer Science or Electronic Engineering or Information Technology or equivalent.
- Minimum 8 years of work experience with at least 2 years of relevant experience in web or mobile application security.
- Possess one or more of these security certifications, i.e. CISSP, CSSLP and/or CISA.
- Strong interest and passion for the field of infocomm security, specifically in the area of application security.
- Familiar with application security review and testing approaches/methodologies in both waterfall and agile application software development.
- Familiar with CI/CD and DevOps/DevSecOps, and how security testing can be integrated and automated as part of software delivery pipelines.
- Able to recommend use of appropriate AppSec tools (e.g. static code scanners, dynamic scanners, etc.) and assist application teams in adopting these tools.
- Strong problem-solving and troubleshooting skills.
- Experience in performing risk assessment or threat modelling.
- Experience as a penetration tester and source code reviewer is an added advantage.
- Proactive self-starter with an analytical and creative mind.
- Results- and customer-oriented with multi-tasking capabilities.
- Excellent written and verbal communication, presentation and negotiation skills.
- Singapore citizen only.