Lead Cybersecurity Incident Response Specialist

The Government Technology Agency (GovTech) is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.     
 
At GovTech, we offer you a purposeful career to make lives better. We empower our people to master their craft through continuous and robust learning and development opportunities all year round. Our GovTechies embody our Agile, Bold and Collaborative values to deliver impactful solutions.   GovTech aims to transform the delivery of Government digital services by taking an "outside-in" view, putting citizens and businesses at the heart of everything we do.   Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today!     
 
Learn more about GovTech at tech.gov.sg. 

 

Job Description 

Join us and you will play a key role in the Cyber Defense Ops & Intelligence (CDOI) of Cyber Security Group (CSG) as  Cybersecurity Operations Specialist (Incident Response) to manage and investigate cybersecurity incidents. 

The successful candidate will ensure the delivery of cybersecurity operations services across all stages of the incident response lifecycle. This encompasses triaging potential security events, conducting in-depth investigations and advising on containment, eradication and recovery strategies. Candidate must possess strong log analysis and digital forensics skills to drive effective responses to cybersecurity incidents that ensure secure delivery of applications and infrastructure services. Critical thinking and great communication skills are required to articulate technical concepts and guide decision makers towards optimal courses of action. This is a key position in the Cyber Incident Response Team (CIRT). 

What you will be working on: 

• Lead incident response activities through all phases of an incident: 

• Conduct triage and investigation of potential cybersecurity incidents to determine incident scope and severity 

• Develop and execute containment strategies 

• Perform investigations and root cause analysis to identify attack vectors, tactics, and impact 

• Conduct comprehensive security event log analysis to validate security detections, investigate alerts, and identify attacks across multiple data sources including: 

• Endpoint system logs or Endpoint detection and response (EDR) telemetry 

• Network traffic logs 

• Application logs  

• Cloud service logs and audit trails 

• Conduct digital forensic acquisition and analysis of artifacts from various sources including: 

• Endpoint systems and servers 

• Network devices and logs 

• Cloud environments 

• Mobile devices and storage media 

• Maintain clear stakeholder communication throughout incident lifecycle and prepare comprehensive post-incident reports with preventive recommendations 

• Provide expert input for automating Security Operations (E.g Implement SOAR playbooks) 

• Develop and test incident response playbooks and processes 

• Maintain situational awareness of cyber security landscape and emerging threat actor TTPs 

What we are looking for: 

• Bachelor’s Degree in Computer Science/Information Security or equivalent 

• Professional certifications, including GCFA, GREM, GNFA, GCTI, CISSP or other relevant certifications will be preferred 

• Preferably 5 years or more of experience as a full-time incident responder/digital forensic/malware analysis or related discipline 

• Understanding of operating systems and platform (e.g. Windows, Linux) and knowledge of computer networking, LAN, and server 

• Strong ability with log analysis techniques, familiarity with platforms (e.g., Splunk, ELK Stack, Google SecOps) and analytical skills to correlate events across multiple log sources to identify attack patterns 

• Proficient in Forensic Tools such as AXIOM, FTK or Autopsy 

• Ability to perform basic static and dynamic malware analysis and to analyse network and application logs 

• Good working knowledge of Cloud and Container technologies are a plus 

• Familiarity with good security practices 

• Good communication and interpersonal skills, with the ability to multitask and priortise 

• Meticulous and demonstrate a high degree of integrity, initiative, energy and endurance 

  

GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe that diversity is the foundation to innovation.  

Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks. These include leave benefits to meet your work-life needs and employee wellness programmes.  

We champion flexible work arrangements (subject to your job role) and trust that you will manage your own time to deliver your best, wherever you are, and whatever works best for you. 

Learn more about life inside GovTech at go.gov.sg/GovTechCareers. 

Stay connected with us on social media at go.gov.sg/ConnectWithGovTech.