Question
FULL_TIME
5-10

Senior Cybersecurity Engineer, Offensive Security (Contract)

4/29/2026

You will lead vulnerability management initiatives, conduct penetration testing, and perform security risk assessments across applications and infrastructure. Additionally, you will integrate security practices into DevSecOps pipelines and drive security awareness through education and process improvements.

Working Hours

40 hours/week

Company Size

1,001-5,000 employees

Language

English

Visa Sponsorship

No

About The Company
The Government Technology Agency of Singapore (GovTech) is the lead agency driving Singapore's Smart Nation initiative and public sector digital transformation. We harness the power of technology to make lives better for citizens, businesses, international audiences and the public service sector. Our mission: Engineering Digital Government, Making Lives Better. Our goal is to create a government that is "Digital to the Core, and Serves with Heart". We achieve this by using technology to create services that are easy, seamless and secure for people to use, and placing the needs of citizens and businesses at the centre of everything we do. As a digital government, our public officers are also able to continually upskill, adapt to new challenges and work more effectively across agencies as well as with citizens and businesses in Singapore.
About the Role

[What the role is]

You will be part of the Offensive Security team, supporting MAS’ cybersecurity assurance efforts and the various workstreams of the team by identifying security gaps, validating risks, and driving remediation efforts across applications, systems and infrastructure.

The role focuses on proactive security testing (penetration testing, vulnerability assessment, source code review, red teaming), vulnerability management, risk assessment, and raising cybersecurity awareness, working closely with the respective IT teams and stakeholders to ensure alignment with security policies and best practices.

[What you will be working on]

  • Lead vulnerability management initiatives including tracking and remediation across multiple systems using industry-standard tools.

  • Conduct penetration testing, source code reviews with independent assessment and expert remediation guidance.

  • Manage security testing projects, coordinating between external pen testers and internal stakeholders to ensure successful delivery.

  • Perform security risk assessments and deliver actionable recommendations through technical discussions and presentations to teams and management.

  • Integrate security practices into DevSecOps and CI/CD pipelines whilst providing expert guidance to application, system, and infrastructure teams.

  • Continuously enhance vulnerability management processes and best practices.

  • Drive security awareness through targeted education initiatives and process improvements for vulnerability management and secure coding practices.

  • Stay ahead of emerging threats, evaluate new security technologies, and explore AI-assisted tools and LLM to enhance BAU tasks and operations.

  • Identify, assess and advise on remediation of security vulnerabilities.

As part of the shortlisting process for this role, you may be required to complete a medical declaration and/or undergo further assessment.

This is a 2-Year contract position. All applicants will be notified on whether they are shortlisted or not within 4 weeks of the closing date of this job posting.

[What we are looking for]

  • At least 8 years of relevant experience in cybersecurity. Candidates with relevant certifications such as CISSP, CCSP, CRT, OSCP would be an added advantage.

  • Technical competencies in Security testing (penetration testing, source code review, vulnerability scanning), Vulnerability management and risk assessment.

  • Technical experience with security scanning tools such as Tenable Nessus, Prisma Cloud, SonarQube, NexusIQ etc.

  • Strong understanding of common security vulnerabilities (e.g. OWASP Top 10), secure coding practices and vulnerability remediation.

  • Strong understanding of DevSecOps concepts and CI/CD pipelines, Cloud, Container, LLM security testing.

Key Skills
Penetration testingVulnerability managementRisk assessmentSource code reviewRed teamingDevSecOpsCI/CD pipelinesCloud securityContainer securityLLM securityTenable NessusPrisma CloudSonarQubeNexusIQOWASP Top 10Secure coding
Categories
Security & SafetyTechnologySoftwareGovernment & Public SectorEngineering
Apply Now

Please let Public Service Division know you found this job on InterviewPal. This helps us grow!

Apply Now
Prepare for Your Interview

We scan and aggregate real interview questions reported by candidates across thousands of companies. This role already has a tailored question set waiting for you.

Elevate your application

Generate a resume, cover letter, or prepare with our AI mock interviewer tailored to this job's requirements.

Tailor my ResumeWrite my cover letterFind Your Cover Letter