logo
Government Technology Agency

Government Technology Agency

Crowdsourced Vulnerability Discovery Programme Operations Manager

Fixed Terms
Closing on 27 Feb 2026

What the role is

GovTech is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.

At GovTech, we offer you a purposeful career to make lives better where we empower our people to master their craft through robust learning and development opportunities all year round.

Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today!

Learn more about GovTech at tech.gov.sg.

What you will be working on

Do you want to play a critical role in securing our smart nation initiatives by uncovering weaknesses in various domains of cybersecurity programs even before the real threat actors come to play? And are you up to race against the real threat actors before organisations are compromised?

We seek an experienced cybersecurity professional to lead our Crowdsourced Vulnerability Discovery Programme (CVDP) triage team. The role encompasses managing daily operations, leading a team of triage specialists, and ensuring effective handling of vulnerability reports across government systems for the Government Bug Bounty Programme (GBBP), Vulnerability Disclosure Programme (VDP), and Vulnerability Rewards Programme (VRP) for Whole-of-Government (WoG).


Key Responsibilities

Team Leadership & Operations

  • Lead and mentor a team of CVD triage specialists, providing technical guidance and ensuring optimal performance in vulnerability assessment and management

  • Operational planning of day-to-day tasks and development of the team's technical capabilities and soft skills

  • Foster a supportive and collaborative team environment with strong commitment to mentoring team members


Programme Management

  • Lead the conduct of 6 runs of GBBP and Pre-GBBP per year

  • Lead continuous VDP and VRP operations

  • Lead the CVD team in performing technical and impact analysis of reported vulnerabilities for GBBP, VDP and VRP

  • Lead the CVD team in performing in-depth testing on agencies' patches for all CVD programmes


Technical & Strategic Functions

  • Prepare and present materials for bounty approval

  • Develop and deliver presentations on notable vulnerabilities identified through programmes for cross-team sharing, SLM sharing, or forums

  • Conduct technical sharing of vulnerabilities arising from the programmes to internal and external stakeholders

  • Perform analysis on data and payloads of reports to derive insights, statistics, and trends to advise various stakeholders

  • Devise global solutions for recurring vulnerabilities


Process & Documentation

  • Review and maintain standard operating procedures (SOPs) for the vulnerability triage process

  • Continuously improve existing processes and SOPs

  • Develop comprehensive documentation for triage processes

  • Prepare regular vulnerability trends and operational metrics reports


Stakeholder Management

  • Interface with agencies for clarification

  • Manage stakeholder relationships across government agencies, system owners, and security researchers

  • Provide technical support to the Programme Team

  • Oversee integration and maintenance of key platforms

What we are looking for

  • Degree in Cybersecurity, Computer Science, Information Systems, Computer Engineering, Information Security, or related technical field

  • OSCP certification (mandatory)

  • Minimum 3-5 years' experience in cybersecurity, penetration testing, or web penetration testing

  • At least 2 years' team leadership or management experience

  • Technical experience in performing web penetration testing or similar skills

  • Understanding of basic cybersecurity principles and concepts

  • Must have legal authorisation to work in Singapore


Advantageous Qualifications

  • Professional certifications ( OSWE, GPEN, CISSP)

  • Experience with bug bounty programmes or vulnerability coordination

  • Previous experience with government systems

  • Background in technical team leadership


Required Skills

  • Comprehensive understanding of web application security and vulnerability assessment

  • Experience with vulnerability management platforms and bug tracking systems

  • Excellent project management and team leadership abilities

  • Strong analytical and problem-solving capabilities

  • Outstanding communication and stakeholder management skills

  • Good command of English (oral and written)

  • Ability to perform under pressure and manage critical incidents

  • Positive attitude and collaborative leadership style

  • Demonstrated ability to foster a supportive and collaborative team environment

  • Strong commitment to mentoring team members and promoting mutual support within the team
     

GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe that diversity is the foundation to innovation. 

 

Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks. These include leave benefits to meet your work-life needs and employee wellness programmes. 

  

We champion flexible work arrangements (subject to your job role) and trust that you will manage your own time to deliver your best, wherever you are, and whatever works best for you. 

 

Learn more about life inside GovTech at go.gov.sg/GovTechCareers.

 

Stay connected with us on social media at go.gov.sg/ConnectWithGovTech.

About your application process

This job is closing on 27 Feb 2026.

If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and apply for other roles within Government Technology Agency or the wider Public Service.


About Government Technology Agency

The Government Technology Agency (GovTech) is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity. At GovTech, we offer you a purposeful career to make lives better. We empower our people to master their craft through continuous and robust learning and development opportunities all year round. Our GovTechies embody our Agile, Bold and Collaborative values to deliver impactful solutions. GovTech aims to transform the delivery of Government digital services by taking an "outside-in" view, putting citizens and businesses at the heart of everything we do. Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today! Learn more about GovTech at tech.gov.sg.

Learn more about Government Technology Agency