Job Description

[What the role is]
At IRAS, we partner you to deliver quality tax services and foster a competitive tax environment for our nation\'s social and economic growth. By leveraging digital capabilities as part of a future-ready team, your opportunities keep expanding.

As an Infocomm Specialist, you have the technology smarts and are at the forefront of leading infocomm trends. At IRAS, you can harness your expertise to be a digital change agent in our transformation journey. You will partner business divisions to model smart and agile IT systems to shape our digital architecture. With exposure to big data platforms, you will unleash your technical expertise to create innovative digital enterprise solutions.

The result? Seamless IT interface for customers and other innovations that benefit external and internal stakeholders.

[What you will be working on]

Responsible for applying adversarial tactics to identify security weaknesses and build defence capabilities against it

Analyse application source code to identify security vulnerabilities that result in business impact.

Plan, design, simulate web application attacks on targeted web applications and web services. Leverage on existing and emerging methods to identify vulnerabilities in web technologies that would result in a business impact to the organisation.

Plan, design, simulate and execute attacks on targeted IT network environment. Leverage on existing and emerging methods to identify vulnerabilities in people, process and technologies, that results in business impact.

Plan, design and simulate social engineering attacks on targeted personnel who have direct/indirect access to a critical function of an IT network environment. Leverages on existing and emerging methods to identify weaknesses in process through influencing people.

Perform red teaming assessments using open source tools to identify vulnerability of developed systems.

Develop, conduct research on, and maintain proficiency in tools, techniques and vulnerabilities trends for red teaming

Provide written and verbal description of the identified security defects identified, articulate risks and propose mitigation measures

[What we are looking for]

Preferably background in cyber security, computer science or engineering related discipline.

At least three years of experience in Infocomm security environment or three years of conducting red teaming simulation in Enterprise IT environment.

Relevant professional certifications (e.g. CREST or CRTE) in red-teaming or penetration testing is preferred.

Relevant experience or knowledge in one or more of the following areas would be advantageous:

(a) Knowledge on OWASP (web application) top ten vulnerabilities related to web application systems, and insecure development practices in the design, coding and publishing of software or website

(b) Experience in adversarial strategies to penetrate targeted environment using methodology such as MITRE ATT&CK that simulates real world attackers

(c) Strong programming experience, and familiarity with scripting languages such as Python

(d) Knowledge of processes, procedures and methods to research, analyse and disseminate threat intelligence information

(e) Wide Knowledge of server technologies including commonly used web servers, database servers, cloud storage and server-to-server secured network communications

(f) Engineering experience in micro-services and Docker

Analytical, with good problem-solving skills.

Good writing and presentation skills

Excellent communications and interpersonal skills to relate to stakeholders\xe2\x80\x99 concerns.

Open mind and able to challenge assumptions

Performance-driven, full of enthusiasm, capable of working independently or as a team, have a high level of initiative and integrity

Willingness to learn new things

Government Technology Agency