Senior Engineer, InfoComm Governance, InfoComm Infrastructure

  • Job Category
    Information Technology, Public / Civil Service
  • Contract type

Job Description

DSTA is a top-notch technology organisation that drives innovation and delivers state-of-the-art capabilities to make the SAF a formidable fighting force. Our engineers and IT professionals harness multidisciplinary expertise to equip our soldiers with advanced systems to defend Singapore.

We also contribute our technological expertise to support national-level developments. To achieve our mission, DSTA performs a variety of roles ranging from acquisition and procurement to cybersecurity and software development.


We are looking for an individual to join us in our Infocomm Infrastructure Programme Centre where you will lead the implementation of a compliance framework that governs and secures our infrastructure systems. The role will require you to:

  • Research the cyber threat landscape, defence technologies, and explore new cyber assurance tools
  • Scope and review security tests and audits to ensure security assurance is achieved, and perform vulnerability assessment and red-teaming
  • Design and deploy artefacts (spanning design, development, implementation and automation of cyber activities) into enterprise systems that aligns to security principles and overall Enterprise System Architecture
  • Ensure that key security requirements are defined and designed into the systems, implemented in accordance to the security design, and in compliance with prevailing ICT security policies and standards
  • Support teams through risk management, which involves performing security risk assessment to identify and analyse security risks, recommending risk treatment and mitigation measures, and assessing residual risks.
  • Develop and customise security audit checklists to assess the design and operating effectiveness of internal controls that mitigate IT risks
  • Plan, develop and conduct annual policy compliance and process audits, technical audits on critical systems and infrastructure
  • Formulate mitigation plans to improve the state of the overall ICT governance and make recommendations to address the gaps
  • Review, monitor and validate audit findings to ensure control remediation is effective and root causes have been addressed
  • Develop and review project specific security specifications and ensure alignment to assessed security risks, security requirements, prevailing ICT security policies and standards
  • Work closely with stakeholders, project teams, and outsourced vendors to ensure security objectives are achieved



  • Tertiary qualification in Infocomm Security, Computer Science, Computer/Electronics Engineering or Information Technology with at least 5 years’ of IT experience in security roles with in-depth hands-on knowledge of security practice and/or ICT compliance
  • Candidates with CISSP, CISA, Cloud Security, DevSecOps and/or Mobile Network related certification will have an advantage
  • Knowledge of IT management processes, technology risks and internal controls
  • Knowledge and experience of operational security management techniques, architecture and designs
  • Knowledge of cybersecurity attributes (e.g. confidentiality, integrity, availability, accountability, assurance, etc.) and security measures (e.g. authentication, authorisation, etc.)
  • Knowledge and experience of risk management methodologies and risk evaluation techniques
  • Knowledge of system security architecture concepts including network topology, protocols, components and principles (e.g. application of Defence in-Depth), and able to specify where and how security controls should be applied to or engineered into the security design
  • Knowledge and experience of ISO/IEC 27001/2 standards. Knowledge and experience of IM8 will be advantageous
  • Able to articulate cybersecurity risks, mitigation measures and residual risks to stakeholders
  • Able to articulate concepts, strategies, issues and challenges with clear framing
  • Able to think strategically and critically
  • Good written and verbal communication and presentation skills
  • Good planning and coordination skills

Closing on 01 Jul 2021