Senior Infocomm Officer/ Infocomm Specialist (Red Team Engineer / Cybersecurity Engineer)
INLAND REVENUE AUTHORITY OF SINGAPORE
Information Technology, Public / Civil Service
Make your mark. Create an impact.
At IRAS, we partner you to deliver quality tax services and foster a competitive tax environment for our nation's social and economic growth. By leveraging digital capabilities as part of a future-ready team, your opportunities keep expanding.
As an Infocomm Specialist, you have the technology smarts and are at the forefront of leading infocomm trends. At IRAS, you can harness your expertise to be a digital change agent in our transformation journey. You will partner business divisions to model smart and agile IT systems to shape our digital architecture. With exposure to big data platforms, you will unleash your technical expertise to create innovative digital enterprise solutions.
The result? Seamless IT interface for customers and other innovations that benefit external and internal stakeholders.
• Responsible for applying adversarial tactics to identify security weaknesses and build defence capabilities against it
• Analyse application source code to identify security vulnerabilities that result in business impact.
• Plan, design, simulate web application attacks on targeted web applications and web services. Leverage on existing and emerging methods to identify vulnerabilities in web technologies that would result in a business impact to the organisation.
• Plan, design, simulate and execute attacks on targeted IT network environment. Leverage on existing and emerging methods to identify vulnerabilities in people, process and technologies, that results in business impact.
• Plan, design and simulate social engineering attacks on targeted personnel who have direct/indirect access to a critical function of an IT network environment. Leverages on existing and emerging methods to identify weaknesses in process through influencing people.
• Perform red teaming assessments using open source tools to identify vulnerability of developed systems.
• Develop, conduct research on, and maintain proficiency in tools, techniques and vulnerabilities trends for red teaming
• Provide written and verbal description of the identified security defects identified, articulate risks and propose mitigation measures
• Tertiary qualification, preferably in cyber security, computer science or engineering related discipline.
• At least three years of experience in Infocomm security environment or three years of conducting red teaming simulation in Enterprise IT environment.
• Relevant professional certifications (e.g. CREST or CRTE) in red-teaming or penetration testing is preferred.
• Relevant experience or knowledge in one or more of the following areas would be advantageous:
- Knowledge on OWASP (web application) top ten vulnerabilities related to web application systems, and insecure development practices in the design, coding and publishing of software or website
- Experience in adversarial strategies to penetrate targeted environment using methodology such as MITRE ATT&CK that simulates real world attackers
- Strong programming experience, and familiarity with scripting languages such as Python
- Knowledge of processes, procedures and methods to research, analyse and disseminate threat intelligence information
- Wide Knowledge of server technologies including commonly used web servers, database servers, cloud storage and server-to-server secured network communications
- Engineering experience in micro-services and Docker
• Analytical, with good problem-solving skills.
• Good writing and presentation skills
• Excellent communications and interpersonal skills to relate to stakeholders’ concerns.
• Open mind and able to challenge assumptions
• Performance-driven, full of enthusiasm, capable of working independently or as a team, have a high level of initiative and integrity
• Willingness to learn new things
Closing on 21 Apr 2021