Role The Consultant serves as a pivotal player in building, maintaining, and improving our automated infrastructure and securing software delivery pipelines. You'll work hands-on to design, implement, and optimize CI/CD processes, ensuring seamless integration of development, operations, and security practices throughout the entire software lifecycle. Your responsibilities will include automating deployments, managing cloud resources, troubleshooting system issues, and proactively identifying and mitigating security vulnerabilities within our applications and infrastructure.

Responsibilities 1. Automation Champion: Design, implement, and maintain automation scripts and tools to streamline security processes and improve efficiency. 2. Security Integration: Integrate security tools and practices seamlessly into the CI/CD pipeline, including static and dynamic application security testing (SAST/DAST), vulnerability scanning, and security configuration management. 3. Infrastructure as Code (IaC) Security: Implement security best practices within our IaC frameworks (e.g., Terraform, CloudFormation) to ensure secure infrastructure deployment and management. 4. Cloud Security: Architect and implement security controls and best practices within cloud environments (e.g., AWS, Azure, GCP), ensuring compliance and protecting sensitive data. 5. Threat Modelling and Risk Assessment: Participate in threat modelling exercises and conduct security risk assessments to identify and mitigate potential vulnerabilities. 6. Incident Response: Participate in security incident response activities, providing technical expertise and contributing to post-incident analysis. 7. Monitoring and Logging: Implement and maintain operation and security monitoring, and logging solutions to detect and respond to operation and security events. 8. Collaboration and Communication: Work closely with development, operations, and security teams to foster a security-conscious culture and provide guidance on secure development practices. 9. Compliance and Governance: Assist in ensuring compliance with relevant security standards and regulations. 10. Continuous Improvement: Stay up-to-date with the latest security trends, technologies, and best practices, and proactively recommend and implement improvements to streamline the automation and improve the security posture.

Requirements • Diploma or degree in Cyber/Info Security, Computer Science/Engineering or any relevant qualifications. • Professional certifications in cloud technologies, automation and software development or equivalent is an advantage • A collaborative team player with a positive attitude who excels working together or independently with minimal supervision • An engineer at heart with a passion in the work he does and willingness to learn, share and mentor peers • Strong understanding of infrastructure design and security for cloud and on-premise technologies, software development lifecycles (SDLC) and agile methodologies. • Experience in developing automation pipelines and integrating security tools into them (e.g., GitLab, Jenkins, Ansible, Azure DevOps). • Experience in integrating security testing tools (eg. SAST, DAST, SCA, vulnerability scanners). • Experience with Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation) and implementing security within IaC. • Familiar with containerization technologies (e.g., Docker, Kubernetes) and their security implications • Strong scripting and automation skills (e.g., Python, Go, Bash, PowerShell). • Excellent problem-solving, analytical, and communication skills. • Experience with threat modelling methodologies. • Knowledge of security frameworks and standards (e.g., NIST CSF, OWASP). • Experience with security incident response processes. • Knowledge and understanding of Government cloud environments is an advantage If you share our passion to make a difference in the cyber security landscape, take up the challenge and apply now. All applicants will be notified of whether they are shortlisted or not within four weeks of the closing date of this job posting. For any issues with the application, you may drop your resume with us at csa_recruit@csa.gov.sg. Note: CSA will be shifting to Punggol Digital District (PDD) in year 2026.

About the Cyber Security Agency of Singapore Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg