GovTech’s Government Digital Services (GDS) seeks to drive the digital transformation of the Government. As part of this dynamic group, you will join a multi-disciplinary team to modernize the way digital applications and services are developed, deployed and maintained across the Whole-of-Government. Our objective is to augment engineering teams with platforms and services that shortens time-to-market and improves operational agility. We employ DevOps principles and ‘shift-left’ technologies in crafting solutions in areas like continuous integration/deployment, data sharing as well as applications observability, testing and security.
This is an exciting position with many opportunities for groundbreaking contributions. You will be a consultant in the team who knows what needs to be in place to enable the platform to work, while handling security risks.
Join us as we support Singapore’s vision of building a Smart Nation. A nation of possibilities empowered through info-communications technology and related engineering.
What you will be working on:
- Work with stakeholders such as developers, infrastructure and platform engineers, etc. to achieve security objectives in a Software development/ Agile setting
- Lead and hold discussions to coordinate and plan for timely security assessments
- Conduct security risk assessments at various levels – application, infrastructure, network, etc and consolidating report metrics for those assessments.
- Work with engineers and developers to remediate security risks from assessments
- Review and handle change requests from a security risk perspective
- Improve visibility and have oversight of security assessments by integrating with ticketing tools
- Explore, setup use and deploy new security assessment tools to meet vital security objectives
What we are looking for:
- Minimum of 4 to 7 years’ experience with cybersecurity consultancy or related scope of work
- Passion in seeking for DevSecOps (and/or DevOps) transformation
- Passion for automation and security standard methodologies
- Experience with Source Code Review, Penetration Testing, Application Development in an Agile - Software Development Lifecycle
- Experience with DevOps toolset like JIRA, BitBucket, Confluence
- Experience with designing and architecting systems in an enterprise setting
- Experience with cloud providers like AWS, GCP, Azure
- Experience as a member or leading a security engineering team. If you are a leader, we'll explore more senior App Sec roles with you.
- Experience with these security tools in the enterprise setting, e.g. Hashicorp Vault, Splunk Enterprise, Tenable, HP Fortify, Sonatype Nexus IQ
- Experience with security assessments pertaining to government projects
- Security certifications or qualifications
- Experience with continuous integration and continuous delivery /deployment methodology
- Worked for an organization which succeeded DevSecOps transformation
We are an equal opportunity employer and value diversity at our company as we believe that diversity is meaningful to innovation. Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks. This includes generous leave benefits to meet your work-life needs. We trust that you will get the job done wherever you are, and whatever works best for you – so work from home or take a break to exercise if you need to*. We also believe it’s important for you to keep honing your craft in the constantly-evolving tech landscape, so we provide and support a plethora of in-house and external learning and development opportunities all year round.
*Subject to the nature of your job role that might require you to be onsite during fixed hours