DevSecOps Specialist

  • Job Category
    Public / Civil Service
  • Contract type

Job Description

The Government Technology Agency (GovTech) aims to transform the delivery of Government digital services by taking an outside-in" view, putting citizens and businesses at the heart of everything we do. We also develop the Smart Nation infrastructure and applications, and facilitate collaboration with citizens and businesses to co-develop technologies.

Join us as we support Singapore’s vision of building a Smart Nation - a nation of possibilities empowered through info-communications technology and related engineering.



What to expect:

  • Lead in the development and implementation of cloud security architecture and technology to meet business functions while addressing cybersecurity threats and compliance requirements.

  • Work with stakeholders such as developers, infrastructure and platform engineers, etc. to achieve security objectives in an Agile setting 

  • Lead and hold discussions to coordinate and plan for timely security assessments 

  • Develop secure application development practices, standards, guidelines and solutions with the aim to standardise and raise the AppSec practices for Logging, Monitoring and PaC squad.

  • Support business initiatives through risk management, which involves performing security risk assessment to identify and analyse security risks, recommending risk treatment and mitigation measures, and assess residual risks. 

  • Review security architectures, designs and implementations is in compliance with prevailing ICT security policies and standards.

  • Identify design gaps and recommend security enhancements.

  •  Involve in designing and coding prevailing ICT security policies and standards into Policy As Code systems that aligns to security principles.

  • Stay abreast of current and emerging cloud security technologies and the associated security threats. Design security architecture control measures to mitigate the threats and risks.

  • Manage stakeholder relationships to ensure that consulting services delivered meet their expectations.

  • Enhance visibility and track security assessments by integrating with ticketing tools 

  • Explore, use and deploy new security assessment tools to meet necessary security objectives 


How to succeed:

  • Degree in Infocomm Security, Computer Science, Computer/Electronics Engineering or Information Technology with at least 6 years’ of cloud security architecture experience with a demonstrated ability as a DevSecOps specialist in understanding business needs and security risks.

  • Possess CISSP and/or CISA certifications, and Cloud security or DevSecOps related certification are of added advantage

  • Understanding of infrastructure provision and management tools (Docker, Chef, Ansible, Kubernetes)

  • Passion in driving for DevSecOps transformation

  • Passion for automation and security best practices

  • Experience with Source Code Review in an enterprise setting

  • Experience with Penetration Testing in an enterprise setting

  • Experience with DevOps toolset like JIRA, BitBucket, Confluence

  • Experience with cloud providers like AWS, GCP, Azure




Closing on 09 Feb 2022