#SGUnitedJobs Senior AppSec Specialist/ AppSec Team Lead
Government Technology Agency
Government Technology Agency
InfoComm, Technology, New Media Communications
The Government Technology Agency (GovTech) aims to transform the delivery of Government digital services by taking an "outside-in" view, putting citizens and businesses at the heart of everything we do. We also develop the Smart Nation infrastructure and applications, and facilitate collaboration with citizens and businesses to co-develop technologies.
Join us as we support Singapore’s vision of building a Smart Nation - a nation of possibilities empowered through info-communications technology and related engineering.
About the role The Clusters and Technology Management Office (CTMO) is spearheading the adoption of leading application security (AppSec) practices, standards and solution to fundamentally secure application software developed by our various application project/product teams.
As our senior AppSec specialist, you will lead our AppSec team and be responsible for planning our AppSec roadmap, standardisation of our AppSec practices and solutions, and delivery of AppSec professional services to our application teams. The AppSec professional services range from providing project-based AppSec consultancy, delivery of security assessments to training GovTech officers to uplift their AppSec capabilities.
- Study and propose AppSec roadmap to uplift the way apps security is practised today.
- Develop secure application development practices, standards, guidelines and solutions with the aim to standardise and raise the AppSec practices of our application teams.
- Develop AppSec requirement specifications that can be adopted by application development & maintenance tenders as the baseline application security requirements for contractors.
- Promote the adoption of leading AppSec practices and solutions among agency apps teams in line with the current development in the AppSec space.
- Perform AppSec assessments for selected applications using a combination of threat modelling, vulnerability research, code scanning, application security testing and recommendation of proper remediation actions.
Define the communication and education framework to raise the AppSec awareness, capabilities and competencies of GovTech officers.
- Support other security roles and/or initiatives/assignments undertaken by CTMO being a senior CTMO officer.
- Degree in Computer/Computer Science or Electronics Engineering or Information Technology or equivalent.
- Minimum 8 years of work experience in with at least 2 years of relevant experience in (web or mobile-based application security).
- Certification in CISSP (Certified Information Systems Security Professional) and/or CISA (Certified Information Systems Auditor) is a plus.
- Strong interest and passion for the field of infocomm security, specifically in the area of application security.
- Familiar with application security review and testing approaches/methodologies in both waterfall and agile application development.
- Familiar with the concept of CI/CD and DevOps, and how security testings can be integrated and automated as part of software delivery pipelines.
- Able to recommend use of appropriate AppSec tools (e.g. static code scanners, dynamic scanners, etc) and assist apps teams in adopting these tools.
- Strong problem-solving and troubleshooting skills.
- Experience as penetration tester and source code reviewer is an added advantage.
- Able to work on 12-hour shift duty during crisis periods.
- Proactive self-starter with an analytical and creative mind.
- Result and customer oriented with multi-tasking capabilities.
- Excellent written, verbal communication, presentation and negotiation skills.
FindTheBestJob is a free service and does not charge a fee at any stage of application or recruitment process. Don’t provide your bank account or credit card details to anyone during job application. FindTheBestJob does not guarantee the availability of a job since organizations may end applications earlier than due date.