Cybersecurity Engineer (Security Operations)

GovTech Singapore · Singapore

[What the role is] 

GovTech is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.

At GovTech, we offer you a purposeful career to make lives better where we empower our people to master their craft through robust learning and development opportunities all year round.

Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today!

Learn more about GovTech at tech.gov.sg.

[What you will be working on] 

Key Responsibilities

1. Incident Management & Response Standardisation

  • Establish and maintain Ministry-wide Incident Response (IR) playbooks for diverse threat scenarios (e.g. ransomware, data exfiltration, cloud breaches)
  • Provide direct technical oversight and guidance during High and Critical severity incidents, ensuring timely containment and reporting
  • Work with Agency CIOs and CISOs to establish clear command structures and governance frameworks that empower leaders to make high-stakes decisions during a crisis

2. Operational Readiness & Resiliency Testing

  • Design and oversee high-quality Tabletop Exercises (TTX) for stakeholders including system owners, SIROs, CISOs, and CIOs; evaluate external vendors to ensure exercises are realistic and rigorous
  • Drive adoption of chaos testing across agencies to validate resiliency plans and surface hidden failure points in critical systems
  • Continuously assess the Ministry Family's incident management capabilities and lead initiatives to bridge identified gaps

3. Continuous Monitoring & Asset Governance

  • Ensure all Ministry systems are effectively onboarded to central monitoring services, working with system owners to resolve onboarding challenges
  • Partner with Agency CIOs to maintain a robust and current IT asset inventory
  • Provide expert guidance for agencies with specialised environments (e.g. OT/ICS) to build bespoke detection capabilities outside standard monitoring coverage

4. Vulnerability & Attack Surface Management

  • Establish SOPs for vulnerability management across on-premises, cloud (GCC), and OT environments, including procedures for managing unpatched vulnerabilities
  • Oversee deployment of internal and external attack surface scanning tools
  • Manage finding prioritisation workflows and validate that patches are applied effectively

5. Advocacy & Education

  • Educate agency stakeholders on the importance of Response and Business Continuity Planning (BCP)
  • Foster an "assumed breach" mindset among project owners and agency leaders, ensuring they understand their roles in threat monitoring and incident management

Qualifications & Requirements 

Experience

  • 8 to 10 years of experience in Cybersecurity Operations, SOC Management, or Incident Response
  • Proven track record of leading or providing technical oversight during high-pressure, high-severity security incidents
  • Experience managing security operations across complex hybrid environments (on-premises, cloud, and OT)

Technical Skills

  • Mastery of IR methodologies with strong grounding in digital forensics and malware analysis
  • Deep knowledge of the threat landscape and ability to map monitoring use cases to the MITRE ATT&CK framework
  • Strong understanding of the CVE system and CVSS scoring, including how vulnerabilities are weaponised and how to assess exploitability within a specific environment
  • Proficiency in SIEM, SOAR, XDR, and EDR technologies
  • Familiarity with monitoring and incident response in Government Commercial Cloud (GCC) and native cloud environments
  • Professional certifications such as GCIH, GCFA, CHFI, or CISSP are highly desirable

Soft Skills

  • Calm and authoritative under pressure, with the ability to lead during high-stakes security crises
  • Skilled at translating operational needs into strategic priorities when engaging senior stakeholders
  • Strong strategic foresight to proactively adapt monitoring strategies against emerging threats and evolving actor TTPs

Why Join Us

Be part of a lean, high-impact team at the heart of Agencies' cybersecurity function. You will have broad exposure across the full security spectrum — from hands-on technical work to senior stakeholder engagement — and the opportunity to shape how a critical government ministry prepares for and responds to cyber threats.

Security pay context

Based on 1,614 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $180K (10th–90th percentile: $95K–$216K).
