Cybersecurity Operations Specialist (Incident Response)

[What the role is]GovTech is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.

At GovTech, we offer you a purposeful career to make lives better where we empower our people to master their craft through robust learning and development opportunities all year round.

Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good. Join us to advance our mission and shape your future with us today!

Learn more about GovTech at tech.gov.sg.

Join us and you will play a key role in the Cyber Defense Ops & Intelligence (CDOI) of Cyber Security Group (CSG) as Cybersecurity Operations Specialist (Incident Response) to manage and investigate cybersecurity incidents.

The successful candidate will ensure the delivery of cybersecurity operations services across all stages of the incident response lifecycle. This encompasses triaging potential security events, conducting in-depth investigations and advising on containment, eradication and recovery strategies. Candidate must possess strong log analysis and digital forensics skills to drive effective responses to cybersecurity incidents that ensure secure delivery of applications and infrastructure services. Critical thinking and great communication skills are required to articulate technical concepts and guide decision makers towards optimal courses of action. This is a key position in the Cyber Incident Response Team (CIRT).

[What you will be working on]

Lead incident response activities through all phases of an incident:

Conduct triage and investigation of potential cybersecurity incidents to determine incident scope and severity

Develop and execute containment strategies

Perform investigations and root cause analysis to identify attack vectors, tactics, and impact

Conduct comprehensive security event log analysis to validate security detections, investigate alerts, and identify attacks across multiple data sources including:

Endpoint system logs or Endpoint detection and response (EDR) telemetry

Network traffic logs

Application logs

Cloud service logs and audit trails

Conduct digital forensic acquisition and analysis of artifacts from various sources including:

Endpoint systems and servers

Network devices and logs

Cloud environments

Mobile devices and storage media

Maintain clear stakeholder communication throughout incident lifecycle and prepare comprehensive post-incident reports with preventive recommendations

Provide expert input for automating Security Operations (E.g Implement SOAR playbooks)

Develop and test incident response playbooks and processes

Maintain situational awareness of cyber security landscape and emerging threat actor TTPs

[What we are looking for]

Bachelor’s Degree in Computer Science/Information Security or equivalent

Professional certifications, including GCFA, GREM, GNFA, GCTI, CISSP or other relevant certifications will be preferred

Preferably 5 years or more of experience as a full-time incident responder/digital forensic/malware analysis or related discipline

Understanding of operating systems and platform (e.g. Windows, Linux) and knowledge of computer networking, LAN, and server

Strong ability with log analysis techniques, familiarity with platforms (e.g., Splunk, ELK Stack, Google SecOps) and analytical skills to correlate events across multiple log sources to identify attack patterns

Proficient in Forensic Tools such as AXIOM, FTK or Autopsy

Ability to perform basic static and dynamic malware analysis and to analyse network and application logs

Good working knowledge of Cloud and Container technologies are a plus

Familiarity with good security practices

Good communication and interpersonal skills, with the ability to multitask and priortise

Meticulous and demonstrate a high degree of integrity, initiative, energy and endurance

Singaporean only

GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe it is key to innovation.

Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks.

We champion flexible work arrangements (subject to your job role) and trust you to manage your time to deliver your best.

Learn more about life inside GovTech at go.gov.sg/GovTechCareers

JR-