Job Description

[What the role is]

The Monetary Authority of Singapore (MAS) is Singapore\xe2\x80\x99s central bank and integrated financial regulator.

As central bank, MAS promotes sustained, non-inflationary economic growth through the conduct of monetary policy and close macroeconomic surveillance and analysis. It manages Singapore\xe2\x80\x99s exchange rate, official foreign reserves, and liquidity in the banking sector.

As an integrated financial supervisor, MAS fosters a sound financial services sector through its prudential oversight of all financial institutions in Singapore \xe2\x80\x93 banks, insurers, capital market intermediaries, financial advisors, and stock exchanges. It is also responsible for well-functioning financial markets, sound conduct, and investor education.

MAS also works with the financial industry to promote Singapore as a dynamic international financial centre. It facilitates the development of infrastructure, adoption of technology, and upgrading of skills in the financial industry.

Join us now, if you have a genuine interest in making an impact to help shape Singapore\xe2\x80\x99s economic and financial landscape.

[What you will be working on]

Offensive Security team

Manage vulnerabilities for entire organisation by preparing regular reports to track vulnerabilities and their remediation status to ensure timely remediation

Review results of penetration tests, source code reviews, vulnerability scans to determine severity of findings and provide recommended counter measures or mitigating controls

Work with security testing providers/vendors to fulfil our need for security testing (including penetration tests, vulnerability scans, source code reviews)

For vulnerabilities discovered, work with application and infrastructure teams to track remediation timeline and risk acceptances/assessments

Review vulnerabilities and issues that come up through the DevSecOps pipeline with the application teams (ability to read source code is required)

Research and keep up to date with the latest adversarial tactics, techniques and procedures

Develop customised attack payloads, perform social engineering attacks, emulating adversaries to bypass defenses

Plan and launch adversarial attack simulation exercises to test and validate the effectiveness of cyber defence and response plan against prevalent intelligence-led cyber threats

Plan and carry out unannounced internal and external Red Team operations across environments, including web application, network and cloud infrastructure, mobile platforms, etc.

You will be working in a fast-paced environment that would require the ability to manage multiple priorities and needs of stakeholders, as well as the agility to respond to changes and developments.

[What we are looking for]

Background in Engineering, Computer Science or relevant degrees

4 or more years of working experience in IT Security and project management

Professional certifications such as CISSP, CREST and OSCP etc. preferred

Effective team player, self-motivated and thrives in a fast-paced environment

Highly analytical, possesses good written & verbal communication skills

As part of the shortlisting process for this role, you may be required to complete a medical declaration and/or undergo further assessment

All applicants will be notified on whether they are shortlisted or not within 4 weeks of the closing date of this job posting.

Government Technology Agency