logo
Government Technology Agency

Cybersecurity Operations Specialist (Incident Response)

Government Technology Agency

Permanent

Closing on 25 Sep 2025

What the role is

GovTech is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.

At GovTech, we offer you a purposeful career to make lives better where we empower our people to master their craft through robust learning and development opportunities all year round.

Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today!

Learn more about GovTech at tech.gov.sg.

Join us and you will play a key role in the Cyber Defense Ops & Intelligence (CDOI) of Cyber Security Group (CSG) as Cybersecurity Operations Specialist (Incident Response) to manage and investigate cybersecurity incidents.

The successful candidate will ensure the delivery of cybersecurity operations services across all stages of the incident response lifecycle. This encompasses triaging potential security events, conducting in-depth investigations and advising on containment, eradication and recovery strategies. Candidate must possess strong log analysis and digital forensics skills to drive effective responses to cybersecurity incidents that ensure secure delivery of applications and infrastructure services. Critical thinking and great communication skills are required to articulate technical concepts and guide decision makers towards optimal courses of action. This is a key position in the Cyber Incident Response Team (CIRT).

What you will be working on

  • Lead incident response activities through all phases of an incident:

    • Conduct triage and investigation of potential cybersecurity incidents to determine incident scope and severity

    • Develop and execute containment strategies

    • Perform investigations and root cause analysis to identify attack vectors, tactics, and impact

  • Conduct comprehensive security event log analysis to validate security detections, investigate alerts, and identify attacks across multiple data sources including:

    • Endpoint system logs or Endpoint detection and response (EDR) telemetry

    • Network traffic logs

    • Application logs

    • Cloud service logs and audit trails

  • Conduct digital forensic acquisition and analysis of artifacts from various sources including:

    • Endpoint systems and servers

    • Network devices and logs

    • Cloud environments

    • Mobile devices and storage media

  • Maintain clear stakeholder communication throughout incident lifecycle and prepare comprehensive post-incident reports with preventive recommendations

  • Provide expert input for automating Security Operations (E.g Implement SOAR playbooks)

  • Develop and test incident response playbooks and processes

  • Maintain situational awareness of cyber security landscape and emerging threat actor TTPs

What we are looking for

  • Bachelor’s Degree in Computer Science/Information Security or equivalent

  • Professional certifications, including GCFA, GREM, GNFA, GCTI, CISSP or other relevant certifications will be preferred

  • Preferably 5 years or more of experience as a full-time incident responder/digital forensic/malware analysis or related discipline

  • Understanding of operating systems and platform (e.g. Windows, Linux) and knowledge of computer networking, LAN, and server

  • Strong ability with log analysis techniques, familiarity with platforms (e.g., Splunk, ELK Stack, Google SecOps) and analytical skills to correlate events across multiple log sources to identify attack patterns

  • Proficient in Forensic Tools such as AXIOM, FTK or Autopsy

  • Ability to perform basic static and dynamic malware analysis and to analyse network and application logs

  • Good working knowledge of Cloud and Container technologies are a plus

  • Familiarity with good security practices

  • Good communication and interpersonal skills, with the ability to multitask and priortise

  • Meticulous and demonstrate a high degree of integrity, initiative, energy and endurance

  • Singaporean only

GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe it is key to innovation. 

Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks.

  

We champion flexible work arrangements (subject to your job role) and trust you to manage your time to deliver your best.

Learn more about life inside GovTech at go.gov.sg/GovTechCareers

About Government Technology Agency

The Government Technology Agency (GovTech) is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity. At GovTech, we offer you a purposeful career to make lives better. We empower our people to master their craft through continuous and robust learning and development opportunities all year round. Our GovTechies embody our Agile, Bold and Collaborative values to deliver impactful solutions. GovTech aims to transform the delivery of Government digital services by taking an "outside-in" view, putting citizens and businesses at the heart of everything we do. Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today! Learn more about GovTech at tech.gov.sg.

About your application process

This job is closing on 25 Sep 2025.

If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and apply for other roles within Government Technology Agency or the wider Public Service.