You will play a pivotal role in safeguarding Singapore’s defence and security interests by conducting comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications.

- Conduct comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications - Develop tailored security assessment tools and scripts to enhance testing capabilities and address evolving threat vectors - Document findings, conduct analysis, and prepare detailed technical reports, including executive summaries for various stakeholders - Collaborate with security engineers, developers, and other stakeholders to provide actionable guidance on remediating identified security risks and vulnerabilities - Provide expertise in the design and implementation of security controls across applications, infrastructure, and network systems - Develop and deliver specialised training and awareness programs to elevate the cybersecurity capabilities of the SAF personnel, with opportunities for growth in leadership and knowledge-sharing in the military cybersecurity context - Maintain up-to-date knowledge of emerging threats, security best practices, and industry-standard frameworks Challenge(s) - Maintaining consistent quality under time pressure - Quickly learning and troubleshooting various tools and platforms

- Education in Information Security, Computer Science, IT or a related field - Industry-recognised certifications such as CREST CRT, GPEN, or OSCP - At least 1 year of hands-on experience in conducting PT and VA, with a strong preference for experience in military or government-focused penetration testing - Experience conducting security assessments on application infrastructure, networks, and cloud-based systems - Strong understanding of web application, infrastructure, and network security architecture - Excellent communication and presentation skills, with a focus on conveying complex security findings to both technical and non-technical stakeholders - Ability to work independently and collaboratively within cross-functional teams - Highly analytical, self-driven, and committed to continuous learning and skill enhancement - Proficiency in scripting languages, such as Python, PowerShell, JavaScript, VBScript, Ruby, or Perl - Track record of identifying and disclosing vulnerabilities or recognition in Capture-The-Flag (CTF) competitions - Proficiency with tools such as BurpSuite, Metasploit, Nexpose, Nessus, and other industry-standard penetration testing and vulnerability assessment tools Appointment will be commensurate with your experience. Only shortlisted candidates will be notified.

The mission of MINDEF and the Singapore Armed Forces is to enhance Singapore's peace and security through deterrence and diplomacy, and should these fail, to secure a swift and decisive victory over the aggressor. The Defence Executive Officer (DXO) scheme is the non-uniformed career scheme of MINDEF that offers myriad opportunities in various job functions, such as corporate communications, cyber security, data analytics and visualisation, defence policy, finance, HR, psychology, and more. Embodying the same level of commitment towards defence, DXOs work together with their military counterparts to contribute to MINDEF/SAF’s mission and ensure Singapore's security and stability. United by this common cause, our lines of defence complement each other to secure the prosperity and progress of our nation.