Government Technology Agency

Senior Cybersecurity Operations Specialist

Full-time

GovTech is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.  

At GovTech, we offer you a purposeful career to make lives better where we empower our people to master their craft through robust learning and development opportunities all year round. 

Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today!  

Learn more about GovTech at tech.gov.sg. 

[What you will be working on] 

The Cyber Security Group (CSG) is the cybersecurity arm of GovTech. CSG is committed to creating a digital government that is safe and secure. CSG delivers technical and operational capabilities to counteract cyber threats, provides thought leadership on transformative cybersecurity governance and policies, and strengthens the cybersecurity posture of government agencies in a manner that is sustainable, pragmatic, and effective.  

To enhance infocomm security capabilities in GovTech and the Whole-of-Government (WOG), GovTech appoints Chief Information Security Officer (CISO) teams at the various ministries to oversee infocomm security management.  

As the Security Operations Specialist within the Ministry CISO (MCISO) Office, you will be the lead architect of the Ministry’s operational resilience. You are responsible for ensuring that the entire Ministry Family, spanning multiple agencies, maintains a high state of readiness against cyber threats. You will standardise incident response, oversee comprehensive monitoring, and drive advanced resiliency testing (such as chaos testing) to ensure that the Ministry can withstand and recover from sophisticated attacks. 


Key Responsibilities 

  1. Incident Management & Response Standardisation
  • Unified Playbooks: Establish and maintain Ministry-wide Incident Response (IR) playbooks for diverse threat scenarios (e.g., Ransomware, Data Exfiltration, Cloud breaches). 
  • Crisis Leadership: Provide direct guidance and technical oversight to agencies during High and Critical severity incidents, ensuring timely reporting and effective containment. 
  • Incident Governance: Work with Agency CIOs and CISOs to establish clear command structures and roles, empowering leaders to make difficult, high-stakes decisions during a crisis. 
  2. Operational Readiness & Resiliency Testing
  • Advanced Exercises: Design and oversee high-quality Tabletop Exercises (TTX) for various stakeholders (system owners, SIROs, CISOs, CIOs). You will evaluate external vendors to ensure these exercises are realistic, comprehensive, and push the Ministry’s limits. 
  • Chaos Testing: Drive the adoption of chaos testing across agencies to validate the adequacy of resiliency plans and identify hidden failure points in critical systems. 
  • Capability Building: Continuously assess the operational readiness of the Ministry Family and lead initiatives to bridge identified gaps in incident management. 
  3. Continuous Monitoring & Asset Governance
  • Centralised Monitoring: Ensure all Ministry systems are effectively onboarded to central monitoring services. Work with system owners on overcoming challenges encountered during onboarding. 
  • Asset Visibility: Partner with Agency CIOs to maintain a robust and updated IT asset inventory, ensuring that "you cannot protect what you do not know." 
  • Custom Threat Scenarios: Provide expert guidance for agencies with unique threat use cases or specialised systems (e.g., OT/ICS) that fall outside standard monitoring coverage, helping them build bespoke detection capabilities. 
  4. Vulnerability & Attack Surface Management
  • Full-Spectrum SOPs: Establish Standard Operating Procedures for vulnerability management across on-premises, cloud (GCC), and OT environments. Ensure that there are proper procedures for managing unpatched vulnerabilities. 
  • Attack Surface Scanning: Ensure agencies deploy adequate internal and external scanning tools. You will oversee the workflow for finding prioritisation and validate that patches are applied and effective. 
  5. Advocacy & Education
  • Resilience Culture: Educate agency stakeholders on the critical importance of Response and Business Continuity Planning (BCP). 
  • Stakeholder Inculcation: Foster a mindset of "assumed breach," ensuring project owners and agency leaders understand their roles in threat monitoring and incident management. 


Qualifications & Requirements 

Experience 

  • Years of Experience: 8 to 10 years of deep experience in Cybersecurity Operations, SOC Management, or Incident Response. 
  • Crisis Management: Proven track record of leading or providing technical oversight in high-pressure, high-severity security incidents. 
  • Domain Expertise: Experience managing security operations across complex hybrid environments (On-premise, Cloud, and OT). 

Technical Skills 

  • Incident Response & Forensics: Mastery of IR methodologies and a strong understanding of digital forensics and malware analysis. 
  • Threat Intelligence & TTPs: Deep knowledge of the threat landscape and the ability to map monitoring use cases to the MITRE ATT&CK framework. 
  • Vulnerability & Exploitation Research: Deep understanding of the CVE (Common Vulnerabilities and Exposures) system and CVSS scoring. Knowledge of exploitation techniques and the mechanics of how vulnerabilities are weaponised by threat actors. Ability to assess the "exploitability" of a vulnerability within the specific context of the Ministry’s environment to prioritise remediation. 
  • Detection Technologies: Proficiency in SIEM, SOAR, XDR, and EDR technologies. Ability to evaluate the relevancy of existing monitoring tools against evolving threats. 
  • Cloud Operations: Strong understanding of monitoring and responding to incidents within Government Commercial Cloud (GCC) and native cloud environments. 
  • Certifications: Professional certifications such as GCIH (GIAC Certified Incident Handler), GCFA (GIAC Certified Forensic Analyst), CHFI, or CISSP are highly desirable. 

Soft Skills 

  • Command & Control: Ability to remain calm and provide clear, authoritative guidance during high-stakes security crises. 
  • Diplomacy & Education: Skill in translating operational needs into strategic priorities for Agency CIOs and CISOs. 
  • Strategic Foresight: A strong interest in emerging security technologies and the ability to proactively adapt monitoring strategies to counter new actor TTPs. 

Other Requirements 

  • This role is open to Singaporeans only. 

About your application process

If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and apply for other roles within Government Technology Agency or the wider Public Service.