GovTech Cyber Security Group (CSG) is hiring DevSecOps practice specialists who are familiar with Agile methodology as well as DevOps CI/CD and cloud implementations. The specialist is required to research and identify potential security risks using a Threat and Risk Assessment framework in DevOps and cloud environments, and to develop actionable DevSecOps practices and standards to be applied across the Whole of Government.
- Be actively involved in the provision of cybersecurity consulting services for large, national or Whole-of-Government projects or systems.
- Support business initiatives through risk management, which involves performing security risk assessments to identify and analyse security risks, recommending risk treatment and mitigation measures, and assessing residual risks.
- Ensure that key security requirements are defined and designed into the systems, implemented in accordance with the security design, and in compliance with prevailing ICT security policies and standards.
- Develop and review project-specific security specifications and ensure alignment with assessed security risks, security requirements, and prevailing ICT security policies and standards.
- Review security architectures, designs and implementations to ensure compliance with prevailing ICT security policies and standards. Identify design gaps and recommend security enhancements.
- Be involved in designing artefacts (spanning design, development, and implementation) into enterprise systems that align with security principles and the overall Enterprise System Architecture.
- Stay abreast of current and emerging cloud security technologies and the associated security threats. Design security architecture control measures to mitigate the threats and risks.
- Align security architecture frameworks and standards with business strategies and functions.
- Be involved in scoping security tests, reviews and audits, as well as reviewing their results to ensure security assurance is achieved.
- Partner with MCISO/ACISO, stakeholders, project teams, and outsourced vendors to ensure security objectives are achieved.
- Manage stakeholder relationships to ensure that consulting services delivered meet their expectations.
How to succeed:
- Strong command of English, both spoken and written.
- Strong technical background in DevOps and Cloud implementation.
- Experience with Agile methodologies and DevOps practices such as Continuous Integration and Continuous Deployment (CI/CD).
- Experience with commonly used DevOps tools such as Gradle, Git, Jenkins, Bamboo, Docker, Kubernetes, Puppet, Ansible, etc.
- Possess CISSP and/or CISA certifications. Cloud security or DevSecOps-related certifications are an added advantage.
- Knowledge and experience in cloud design and architecture, and security practices/techniques to mitigate cloud security risks.
- Knowledge and experience of operational security management techniques, architecture and designs.
- Knowledge of cybersecurity attributes (e.g. confidentiality, integrity, availability, accountability, assurance, etc.) and security measures (e.g. authentication, authorisation etc.).
- Knowledge and experience of risk management methodologies and risk evaluation techniques.
- Able to articulate cybersecurity risks, mitigation measures and residual risks orally and in writing to stakeholders, in an easily understood and actionable manner.
- Knowledge of system security architecture concepts including network topology, protocols, components and principles (e.g. application of Defence-in-Depth), and able to specify where and how security controls should be applied to or engineered into the security design.
- Able to work and communicate with all levels, from senior management to working level.
- Singapore Citizen only.